CVE-2010-4270

EXPLOITED IN THE WILD

nBill (com_netinvoice) < 1.2_10, < 2.0.9, < 2.0.10 - Path Traversal via Directory Traversal Sequences

Exploitation Summary

CVE-2010-4270 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.

References (5)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42186
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44719
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/69066

Scores

EPSS 0.0163
EPSS Percentile 73.3%

Details

VulnCheck KEV 2010-11-16
InTheWild.io 2010-11-17
CWE CWE-22
Status published
Products (3)
netshinesoftware/com_netinvoice < 1.2_10
netshinesoftware/com_netinvoice < 2.0.10
netshinesoftware/com_netinvoice < 2.0.9
Published Nov 17, 2010
Tracked Since Feb 18, 2026