Security Advisory

CVE-2010-1217

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2010-03-30 23:00:00

Last updated 2024-08-07 01:14:06

Assigner mitre

State PUBLISHED

Description

Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.

← Browse all CVEs View on cve.org ↗