VYPR
Unrated severityNVD Advisory· Published Nov 17, 2010· Updated Jun 16, 2026

CVE-2010-4270

CVE-2010-4270

Description

Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.

Affected products

4
  • cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:*:*:*:*:*:*range: <=1.2_10
    • cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:lite:*:*:*:*:*range: <=2.0.10
    • cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:std:*:*:*:*:*range: <=2.0.9
  • nBill/nBillllm-fuzzy
    Range: <2.0.9 (standard), <2.0.10 (lite), <1.2_10

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.