CVE-2010-2848

InterJoomla ArtForms <2.1b7.2 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2848. PoCs published by Salvatore Fresta.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in ArtForms 2.1b7.2 RC2, including SQL injection, directory traversal, and reflected XSS. It provides sample exploit URLs but does not include functional exploit code.

Description

Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Salvatore Fresta · textwebappsphp
https://www.exploit-db.com/exploits/14263

This is a technical writeup detailing multiple vulnerabilities in ArtForms 2.1b7.2 RC2, including SQL injection, directory traversal, and reflected XSS. It provides sample exploit URLs but does not include functional exploit code.

Classification
Writeup 95%
Attack Type
Sqli | Info Leak | Xss
Complexity
Trivial
Reliability
Reliable
Target: ArtForms 2.1b7.2 RC2 Joomla Component
No auth needed
Prerequisites: Joomla installation with vulnerable ArtForms component
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41457
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60161
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512215/100/0/threaded
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14263

Scores

EPSS 0.0276
EPSS Percentile 84.3%

Details

CWE
CWE-22
Status published
Products (1)
gonzalo_maser/com_artforms 2.1b7.2 rc2
Published Jul 25, 2010
Tracked Since Feb 18, 2026