Unrated severityNVD Advisory· Published Jul 25, 2010· Updated Apr 29, 2026
CVE-2010-2850
CVE-2010-2850
Description
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
Affected products
6cpe:2.3:a:nusoftware:nubuilder:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:nusoftware:nubuilder:*:*:*:*:*:*:*:*range: <=10.04.20
- cpe:2.3:a:nusoftware:nubuilder:09.06.10:*:*:*:*:*:*:*
- cpe:2.3:a:nusoftware:nubuilder:09.06.26:*:*:*:*:*:*:*
- cpe:2.3:a:nusoftware:nubuilder:09.07.24:*:*:*:*:*:*:*
- cpe:2.3:a:nusoftware:nubuilder:09.08.20:*:*:*:*:*:*:*
- cpe:2.3:a:nusoftware:nubuilder:09.09.23:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.nubuilder.com/nubuilderwww/change.phpnvdPatch
- cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-local-file-inclusion.htmlnvdExploit
- packetstormsecurity.org/1007-exploits/nubuilder-lfi.txtnvdExploit
- www.osvdb.org/66006nvdExploit
- www.securityfocus.com/bid/41404nvdExploit
- secunia.com/advisories/40483nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1726nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/60138nvd
News mentions
0No linked articles in our index yet.