CVE-2010-5286

NUCLEI

Joomla! Jstore Component - Path Traversal via Controller Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-5286. PoCs published by jos_ali_joe. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a local file inclusion (LFI) vulnerability in the 'com_jstore' component for Joomla! by manipulating the 'controller' parameter to traverse directories and include arbitrary files, such as '/etc/passwd'.

Description

Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by jos_ali_joe · textwebappsphp
https://www.exploit-db.com/exploits/34837

This exploit demonstrates a local file inclusion (LFI) vulnerability in the 'com_jstore' component for Joomla! by manipulating the 'controller' parameter to traverse directories and include arbitrary files, such as '/etc/passwd'.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Joomla! with 'com_jstore' component
No auth needed
Prerequisites: Joomla! installation with vulnerable 'com_jstore' component
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Joomla! Component Jstore - 'Controller' Local File Inclusion
CRITICALby daffainfo

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/1010-exploits/joomlajstore-lfi.txt
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44053

Scores

EPSS 0.3216
EPSS Percentile 97.0%

Details

CWE
CWE-22
Status published
Products (1)
joobi/com_jstore
Published Nov 26, 2012
Tracked Since Feb 18, 2026