CVE-2010-2045

NUCLEI

Dionesoft Com Dioneformwizard - Path Traversal

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2045. PoCs published by Chip d3 bi0s. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the Joomla component Dione Form Wizard. The vulnerability allows remote attackers to include arbitrary files by manipulating the 'controller' parameter with a null byte termination.

Description

Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Chip d3 bi0s · textwebappsphp

https://www.exploit-db.com/exploits/12595

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the Joomla component Dione Form Wizard. The vulnerability allows remote attackers to include arbitrary files by manipulating the 'controller' parameter with a null byte termination.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Dione Form Wizard 1.0.2

No auth needed

Prerequisites: Joomla installation with Dione Form Wizard component

MITRE ATT&CK