CVE-2010-1433 (GCVE-0-2010-1433)

Vulnerability from cvelistv5 – Published: 2021-06-21 22:13 – Updated: 2024-08-07 01:21
VLAI
Summary
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Joomla Affected: Joomla core from 1.5.0 up to and including 1.5.15
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:21:19.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-arbitrary-file-upload-1-5-0-1-5-15/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.joomla.org/security-centre/310-20100423-core-installer-migration-script.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Joomla",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Joomla core from 1.5.0 up to and including 1.5.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-21T22:13:29.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-arbitrary-file-upload-1-5-0-1-5-15/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.joomla.org/security-centre/310-20100423-core-installer-migration-script.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-1433",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Joomla",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Joomla core from 1.5.0 up to and including 1.5.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-434"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-arbitrary-file-upload-1-5-0-1-5-15/",
              "refsource": "MISC",
              "url": "https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-arbitrary-file-upload-1-5-0-1-5-15/"
            },
            {
              "name": "https://developer.joomla.org/security-centre/310-20100423-core-installer-migration-script.html",
              "refsource": "MISC",
              "url": "https://developer.joomla.org/security-centre/310-20100423-core-installer-migration-script.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-1433",
    "datePublished": "2021-06-21T22:13:29.000Z",
    "dateReserved": "2010-04-15T00:00:00.000Z",
    "dateUpdated": "2024-08-07T01:21:19.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2010-1433",
      "date": "2026-05-26",
      "epss": "0.00017",
      "percentile": "0.04281"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1433\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-06-21T23:15:09.497\",\"lastModified\":\"2024-11-21T01:14:24.393\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.\"},{\"lang\":\"es\",\"value\":\"Joomla! Core es propenso a una vulnerabilidad que permite a unos atacantes cargar archivos arbitrarios porque la aplicaci\u00f3n presenta un fallo al verificar apropiadamente la entrada suministrada por el usuario. Un atacante puede explotar esta vulnerabilidad para cargar c\u00f3digo arbitrario y ejecutarlo en el contexto del proceso del servidor web. Esto puede facilitar el acceso no autorizado o una escalada de privilegios; otros ataques tambi\u00e9n son posibles. Joomla! Core versiones 1.5.x que van desde la 1.5.0 hasta la 1.5.15 e incluy\u00e9ndola son vulnerables\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:joomla:joomla\\\\!:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndIncluding\":\"1.5.15\",\"matchCriteriaId\":\"E6FB5F3E-58F9-4702-927A-0716AB6EC673\"}]}]}],\"references\":[{\"url\":\"https://developer.joomla.org/security-centre/310-20100423-core-installer-migration-script.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-arbitrary-file-upload-1-5-0-1-5-15/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://developer.joomla.org/security-centre/310-20100423-core-installer-migration-script.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-arbitrary-file-upload-1-5-0-1-5-15/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.