CVE-2011-4804

com_obsuggest < 1.8 - Path Traversal via Controller Parameter

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4804, a PoC published by the_cyber_nuxbie. A Nuclei detection template is also available. Note that the exploit write-up and the Nuclei template below refer to the component as 'com_kp', whereas the CVE description names com_obsuggest; the traversal vector in the CVE text is the controller parameter of index.php.

AI-analyzed exploit summary: The exploit describes a local file inclusion (LFI) vulnerability in the 'com_kp' component of Joomla! due to improper input sanitization. An attacker can leverage this to include arbitrary local files or execute scripts in the context of the webserver process.

Description

Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
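The description above names the controller parameter of index.php as the traversal vector. The following is an added illustration, written for this page and not taken from the obSuggest source or the linked exploit, of the Joomla 1.5-era dispatcher pattern in which a request-supplied controller name is spliced into an include path, placed beside a hardened form. The component path, the controller names and the sample requests are hypothetical.

```php
<?php
// Added illustration of CWE-22 in a Joomla 1.5-era component dispatcher.
// Not the obSuggest source: the component path, the controller names and the
// sample requests below are hypothetical.

declare(strict_types=1);

// Joomla defines JPATH_COMPONENT for the running component; a fixed value is
// used here so the script runs stand-alone.
define('JPATH_COMPONENT', '/var/www/html/components/com_example');

// Vulnerable dispatch: the request-controlled 'controller' value is spliced
// straight into a filesystem path that the real dispatcher then passes to
// require_once. "../" segments walk out of the controllers directory, and on
// PHP older than 5.3.4 a trailing NUL byte (%00 in the URL) also truncated the
// ".php" suffix, so any file readable by the web server could be included and,
// if it contained PHP, executed.
function resolveControllerVulnerable(array $request): string
{
    $controller = (string) ($request['controller'] ?? 'default');
    return JPATH_COMPONENT . '/controllers/' . $controller . '.php';
}

// Hardened dispatch: 'controller' is a name chosen from a fixed set, never a
// path. The allowlist is the decisive control; the character check is defence
// in depth that rejects '/', '\', '.' and NUL before a path is ever built.
function resolveControllerHardened(array $request): ?string
{
    $allowed = ['suggest', 'item'];            // hypothetical controller names
    $controller = $request['controller'] ?? 'suggest';

    if (!is_string($controller) || !in_array($controller, $allowed, true)) {
        return null;                           // unknown controller: refuse
    }
    if (!preg_match('/^[a-z0-9_]+$/', $controller)) {
        return null;                           // guard kept even though the allowlist already excludes this
    }
    return JPATH_COMPONENT . '/controllers/' . $controller . '.php';
}

// Constructed sample requests (not taken from the page): a benign request and
// a traversal probe of the shape the CVE description refers to.
$benign = ['controller' => 'suggest'];
$probe  = ['controller' => '../../../../etc/passwd'];

echo 'vulnerable, benign: ', resolveControllerVulnerable($benign), PHP_EOL;
echo 'vulnerable, probe:  ', resolveControllerVulnerable($probe), PHP_EOL;
echo 'hardened, benign:   ', resolveControllerHardened($benign) ?? 'rejected', PHP_EOL;
echo 'hardened, probe:    ', resolveControllerHardened($probe) ?? 'rejected', PHP_EOL;
```

The point to take from the pair is that sanitising the string (stripping "../", appending ".php") is not the fix; mapping the request value onto a closed set of known controller names is, because no value outside that set ever reaches the filesystem. When reviewing a third-party Joomla component, grep for `require`/`include` whose argument is built from `JRequest::getVar`, `JRequest::getCmd` or `$_GET`/`$_REQUEST` values and check that the value is constrained the same way.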

Exploits (1)

Exploit-DB · writeup · verified
by the_cyber_nuxbie · text / webapps / php
https://www.exploit-db.com/exploits/36598


Classification
Writeup: 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Joomla! with 'com_kp' component
Authentication: none needed
Prerequisites: Joomla! installation with vulnerable 'com_kp' component
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Joomla! Component com_kp - 'Controller' Local File Inclusion
Severity: MEDIUM · by daffainfo

References (3)

Core References
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/48944
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/46844

Scores

EPSS: 0.1012
EPSS Percentile: 93.3%

Details

CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
Status: published
Products (9)
foobla/com_obsuggest 1.5.0.1
foobla/com_obsuggest 1.5.1.1.20090922
foobla/com_obsuggest 1.5.1.2
foobla/com_obsuggest 1.5.1.4
foobla/com_obsuggest 1.5.1.5
foobla/com_obsuggest 1.5.1.6
foobla/com_obsuggest 1.5.1.7
foobla/com_obsuggest 1.6.1 b7 (2 CPE variants)
foobla/com_obsuggest < 1.6.4
Published: Dec 14, 2011
Tracked Since: Feb 18, 2026