Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| corejoomla | com_communitypolls | 1.5.1 |
| corejoomla | com_communitypolls | 1.0.7 |
| corejoomla | com_communitypolls | 1.0.3 |
| corejoomla | com_communitypolls | * |
| corejoomla | com_communitypolls | 1.0.2 |
| corejoomla | com_communitypolls | 1.0.6 |
| corejoomla | com_communitypolls | 1.0.9 |
| corejoomla | com_communitypolls | 1.0.8 |
| corejoomla | com_communitypolls | 1.5.0 |
| corejoomla | com_communitypolls | 1.0.1 |
| corejoomla | com_communitypolls | 1.0.5 |
| corejoomla | com_communitypolls | 1.0.4 |