Vulnerability Description
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joomlaworks | Jw Allvideos | 3.0 |
| Joomla | Joomla | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/62331
- http://secunia.com/advisories/38587Vendor Advisory
- http://www.exploit-db.com/exploits/11447
- http://www.joomlaworks.gr/content/view/77/34/PatchVendor Advisory
- http://www.securityfocus.com/bid/38238Exploit
- http://osvdb.org/62331
- http://secunia.com/advisories/38587Vendor Advisory
- http://www.exploit-db.com/exploits/11447
- http://www.joomlaworks.gr/content/view/77/34/PatchVendor Advisory
- http://www.securityfocus.com/bid/38238Exploit
FAQ
What is CVE-2010-0696?
CVE-2010-0696 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../......
How severe is CVE-2010-0696?
CVE-2010-0696 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0696?
Check the references section above for vendor advisories and patch information. Affected products include: Joomlaworks Jw Allvideos, Joomla Joomla.