CVE-2010-2122

NUCLEI

Joelrowley Com Simpledownload - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Xr0b0t · textwebappsphp

https://www.exploit-db.com/exploits/12618

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by ALTBTA · textwebappsphp

https://www.exploit-db.com/exploits/12623

View Code ZIP pw:eip

Nuclei Templates (1)

Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval

MEDIUMby daffainfo

References (8)

[Patch] http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10717

[Exploit] http://packetstormsecurity.org/1005-exploits/joomlasimpledownload-lfi.txt

[Vendor Advisory] http://secunia.com/advisories/39871

[Exploit] http://www.exploit-db.com/exploits/12618

[Exploit] http://www.osvdb.org/64743

[Exploit] http://www.securityfocus.com/bid/40192

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/58625

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/511305/100/0/threaded

Scores

EPSS 0.0344

EPSS Percentile 87.5%

Details

CWE

CWE-22

Status published

Products (1)

joelrowley/com_simpledownload 0.9.5

Published Jun 01, 2010

Tracked Since Feb 18, 2026