VYPR
Unrated severityNVD Advisory· Published Nov 26, 2012· Updated Jun 16, 2026

CVE-2010-5280

CVE-2010-5280

Description

Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:joomla-cbe:com_cbe:1.4.10:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:joomla-cbe:com_cbe:1.4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla-cbe:com_cbe:1.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla-cbe:com_cbe:1.4.9:*:*:*:*:*:*:*
  • Range: = 1.4.8, 1.4.9, and 1.4.10

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.