CVE-2010-4270
EXPLOITED IN THE WILD
nBill (com_netinvoice) < 1.2_10, < 2.0.9, < 2.0.10 - Path Traversal via Directory Traversal Sequences
Title source: llm
Exploitation Summary
CVE-2010-4270 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
References (5)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42186
Various Sources x_refsource_confirm
http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html
Patch, Vendor Advisory x_refsource_confirm
http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44719
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/69066
Scores
EPSS: 0.0163
EPSS Percentile: 73.3%
Details
VulnCheck KEV: 2010-11-16
InTheWild.io: 2010-11-17
CWE: CWE-22
Status: published
Products (3)
netshinesoftware/com_netinvoice < 1.2_10
netshinesoftware/com_netinvoice < 2.0.10
netshinesoftware/com_netinvoice < 2.0.9
Published: Nov 17, 2010
Tracked Since: Feb 18, 2026