CVE-2010-2857

Published Jul 25, 2010

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD0F03A1-C9F0-4EF2-894D-82952C217680"
          },
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EA139EB-9983-4001-9039-E0D75AF2F6AA"
          },
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "288D79B4-98C4-4C98-BA37-EFF3F1BD513B"
          },
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08E7287A-2F13-4E54-A99B-4A18CD902356"
          },
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "910F3829-2055-412B-9852-DD2F3609DF41"
          },
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11641AC6-E01F-4D2B-9CD3-3FC19346E072"
          },
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39305517-FDDE-4E3A-895A-A515FD025045"
          },
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0AE0F9C-4D6B-4257-AF26-8E0C2AB42827"
          },
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16549D44-946F-4407-A2EF-E342245B5FF0"
          },
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB7123F5-8F54-47AD-BA23-0F7B74345676"
          },
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0A8F105-AEFD-41A0-A9B2-FD0FAEA9F2D1"
          },
          {
            "criteria": "cpe:2.3:a:danieljamesscott:com_music:0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C83D139-1230-4DF1-8B9F-45FDBF06EACD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References