CVE-2010-4270
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
17/11/2010
Last modified:
07/11/2023
Description
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:*:*:*:*:*:* | 1.2_10 (including) | |
cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:std:*:*:*:*:* | 2.0.9 (including) | |
cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:lite:*:*:*:*:* | 2.0.10 (including) | |
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page