CVE-2011-4804 - OpenCVE

Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Joomla	Joomla\!
Foobla	Com Obsuggest

Configuration 1 [-]

AND

OR	cpe:2.3:a:foobla:com_obsuggest::::::::
	cpe:2.3:a:foobla:com_obsuggest:1.5.0.1:::::::*
	cpe:2.3:a:foobla:com_obsuggest:1.5.1.1.20090922:::::::*
	cpe:2.3:a:foobla:com_obsuggest:1.5.1.2:::::::*
	cpe:2.3:a:foobla:com_obsuggest:1.5.1.4:::::::*
	cpe:2.3:a:foobla:com_obsuggest:1.5.1.5:::::::*
	cpe:2.3:a:foobla:com_obsuggest:1.5.1.6:::::::*
	cpe:2.3:a:foobla:com_obsuggest:1.5.1.7:::::::*
	cpe:2.3:a:foobla:com_obsuggest:1.6.1:b7::::::
	cpe:2.3:a:foobla:com_obsuggest:1.6.1:b8::::::

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

References

Link	Resource
http://foobla.com/news/latest/obsuggest-1.8-security-release.html	Vendor Advisory
http://secunia.com/advisories/46844	Vendor Advisory
http://www.securityfocus.com/bid/48944	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:15:15

Updated: 2022-10-03T16:15:15

Reserved: 2022-10-03T00:00:00

Link: CVE-2011-4804

JSON object: View

NVD Information

Status : Analyzed

Published: 2011-12-14T00:55:04.810

Modified: 2012-02-10T05:00:00.000

Link: CVE-2011-4804

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "48944", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48944"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://foobla.com/news/latest/obsuggest-1.8-security-release.html"}, {"name": "46844", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46844"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4804", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "48944", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48944"}, {"name": "http://foobla.com/news/latest/obsuggest-1.8-security-release.html", "refsource": "CONFIRM", "url": "http://foobla.com/news/latest/obsuggest-1.8-security-release.html"}, {"name": "46844", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46844"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4804", "datePublished": "2022-10-03T16:15:15", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foobla:com_obsuggest:*:*:*:*:*:*:*:*", "matchCriteriaId": "5315C3FA-D368-4E87-B5A2-D701BF9C860D", "versionEndIncluding": "1.6.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:foobla:com_obsuggest:1.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDA76FAE-53FD-4DD6-B859-9E8B86470AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:foobla:com_obsuggest:1.5.1.1.20090922:*:*:*:*:*:*:*", "matchCriteriaId": "15474E47-28BA-4CA5-B635-0320CB13B7AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:foobla:com_obsuggest:1.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D03F6FFE-8DD9-411D-9F88-B051D2F00342", "vulnerable": true}, {"criteria": "cpe:2.3:a:foobla:com_obsuggest:1.5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E93A094B-EADE-45C0-A27B-547B5110F1D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:foobla:com_obsuggest:1.5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B87B47CF-45D8-4533-90BC-9F4109D0DDB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:foobla:com_obsuggest:1.5.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "ADB5186B-79DA-436B-A4A1-31A5C10F9650", "vulnerable": true}, {"criteria": "cpe:2.3:a:foobla:com_obsuggest:1.5.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9A788B4A-E371-4451-A4A7-1BDA413E053C", "vulnerable": true}, {"criteria": "cpe:2.3:a:foobla:com_obsuggest:1.6.1:b7:*:*:*:*:*:*", "matchCriteriaId": "EE1153A7-4CC0-47ED-A9CB-4F9AE51D2A37", "vulnerable": true}, {"criteria": "cpe:2.3:a:foobla:com_obsuggest:1.6.1:b8:*:*:*:*:*:*", "matchCriteriaId": "96B9F8BB-E75D-403F-AEEF-9F45FB5F069E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."}, {"lang": "es", "value": "Vulnerabilida de salto de directorio en el componente obSuggest (com_obsuggest) antes de v1.8 para Joomla! permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s del par\u00e1metro .. (dot dot) en el par\u00e1metro controller de index.php"}], "id": "CVE-2011-4804", "lastModified": "2012-02-10T05:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-12-14T00:55:04.810", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://foobla.com/news/latest/obsuggest-1.8-security-release.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46844"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/48944"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}