Arbitrary File Inclusion and Code Execution Vulnerability in Community Builder Enhanced (CBE) Component for Joomla

CVE-2010-5280 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.
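A log-review check for the request pattern described above, as an added example that is not part of the original advisory or of the CBE project. It assumes combined-format web access logs, Joomla's standard `option=com_cbe` routing parameter, and that the `userProfile` action appears as the value of some query parameter (the advisory does not name it); the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_cbe&task=userProfile&user=42&tabname=getContactTab HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?option=com_cbe&task=userProfile&user=42&tabname=..%2F..%2Fsample HTTP/1.1" 200 312',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?option=com_cbe&task=userProfile&tabname=%252e%252e%252fsample HTTP/1.1" 200 312',
    '198.51.100.3 - - [01/Jan/2024:10:00:11 +0000] "GET /index.php?option=com_content&view=article&id=..7 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so a double-encoded '..' is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_cbe_traversal(url):
    """True if the URL targets com_cbe's userProfile action with '..' in tabname."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("index.php"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    if "com_cbe" not in [v.lower() for v in params.get("option", [])]:
        return False
    # Assumption: the action name is carried as a parameter value (e.g. task).
    if not any(v.lower() == "userprofile" for vs in params.values() for v in vs):
        return False
    for raw in params.get("tabname", []):
        # Normalise backslashes, then look for a '..' path segment.
        segments = fully_decode(raw).replace("\\", "/").split("/")
        if ".." in segments:
            return True
    return False

def scan(lines):
    """Return 1-based line numbers of log entries matching the pattern."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and is_cbe_traversal(m.group(1)):
            hits.append(n)
    return hits
```

Access logs normally record only the query string, so a `tabname` value sent in a POST body needs the same check applied at a WAF or in application-level logging.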
