CVE-2010-2857

NUCLEI

com_music - Path Traversal via Album CID Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2857. PoCs published by Sid3^effects. A Nuclei detection template is also available.

AI-analyzed exploit summary This is a writeup describing a Local File Inclusion (LFI) vulnerability in the Music Manager Joomla! 1.5 extension. The exploit details how an attacker can manipulate the 'cid' parameter to include arbitrary files via null byte termination.

Description

Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Sid3^effects · textwebappsphp
https://www.exploit-db.com/exploits/14274

This is a writeup describing a Local File Inclusion (LFI) vulnerability in the Music Manager Joomla! 1.5 extension. The exploit details how an attacker can manipulate the 'cid' parameter to include arbitrary files via null byte termination.

Classification
Writeup 90%
Attack Type
Lfi
Complexity
Trivial
Reliability
Reliable
Target: Music Manager Joomla! 1.5 extension
No auth needed
Prerequisites: Access to the vulnerable Joomla! component
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Joomla! Component Music Manager - Local File Inclusion
MEDIUMby daffainfo

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41485
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60195
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14274

Scores

EPSS 0.0120
EPSS Percentile 79.4%

Details

CWE
CWE-22
Status published
Products (12)
danieljamesscott/com_music 0.1
danieljamesscott/com_music 0.2
danieljamesscott/com_music 0.3
danieljamesscott/com_music 0.4
danieljamesscott/com_music 0.5
danieljamesscott/com_music 0.6
danieljamesscott/com_music 0.7
danieljamesscott/com_music 0.8
danieljamesscott/com_music 0.9
danieljamesscott/com_music 0.10
... and 2 more
Published Jul 25, 2010
Tracked Since Feb 18, 2026