CVE-2010-1603

NUCLEI

Zimbllc Com Zimbcore - Path Traversal

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1603. PoCs published by AntiSecurity. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the Joomla component ZiMB Manager (com_zimbcore version 0.1). The vulnerability allows an attacker to read arbitrary files on the server by manipulating the 'controller' parameter.

Description

Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by AntiSecurity · textwebappsphp
https://www.exploit-db.com/exploits/12284

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the Joomla component ZiMB Manager (com_zimbcore version 0.1). The vulnerability allows an attacker to read arbitrary files on the server by manipulating the 'controller' parameter.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Joomla com_zimbcore version 0.1
No auth needed
Prerequisites: Joomla installation with vulnerable com_zimbcore component
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Joomla! Component ZiMBCore 0.1 - Local File Inclusion
HIGHby daffainfo

References (4)

Core 4
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/12284
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39546
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0931

Scores

EPSS 0.0456
EPSS Percentile 89.5%

Details

CWE
CWE-22
Status published
Products (1)
zimbllc/com_zimbcore 0.1
Published Apr 29, 2010
Tracked Since Feb 18, 2026