CVE-2010-1302

NUCLEI

Joomla! com_dwgraphs 1.0 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1302. PoCs published by Chip d3 bi0s. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the Joomla DW Graph component. The vulnerability allows remote attackers to include arbitrary files via a null-byte injection in the 'controller' parameter.

Description

Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Chip d3 bi0s · textwebappsphp
https://www.exploit-db.com/exploits/11978

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the Joomla DW Graph component. The vulnerability allows remote attackers to include arbitrary files via a null-byte injection in the 'controller' parameter.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Joomla DW Graph Component (version not specified)
No auth needed
Prerequisites: Joomla installation with DW Graph component
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Joomla! Component DW Graph - Local File Inclusion
MEDIUMby daffainfo

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39108
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11978
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39200
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/63345

Scores

EPSS 0.0400
EPSS Percentile 88.7%

Details

CWE
CWE-22
Status published
Products (1)
decryptweb/com_dwgraphs 1.0
Published Apr 07, 2010
Tracked Since Feb 18, 2026