CVE-2010-2035

EXPLOITED NUCLEI

Percha Gallery 1.6 Beta - Path Traversal via Controller Parameter

Title source: llm

Exploitation Summary

CVE-2010-2035 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including AntiSecurity. A Nuclei detection template is also available.

AI-analyzed exploit summary: The provided text describes a local file inclusion (LFI) vulnerability in multiple Percha components for Joomla, allowing attackers to read sensitive files via path traversal. No actual exploit code is present, only a description and example URL.

Description

Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by AntiSecurity · text · webapps · php
https://www.exploit-db.com/exploits/34006

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Percha components for Joomla (com_perchaimageattach, com_perchafieldsattach, com_perchadownloadsattach, com_perchagallery, com_perchacategoriestree)
No auth needed
Prerequisites: Access to the vulnerable Joomla component
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal
HIGH · by daffainfo

References (2)

Core 2
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40244

Scores

EPSS 0.0136
EPSS Percentile 80.7%

Details

VulnCheck KEV 2025-12-26
CWE CWE-22
Status published
Products (1)
percha/com_perchagallery 1.6 beta
Published May 25, 2010
Tracked Since Feb 18, 2026