Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/42186 | third party advisory vendor advisory |
| http://www.nbill.co.uk/forum-smf/index.php/topic%2C2158.0.html | |
| http://www.nbill.co.uk/newsflash/security-patch-for-all-versions-of-nbill.html | patch vendor advisory |
| http://www.securityfocus.com/bid/44719 | vdb entry |
| http://osvdb.org/69066 | vdb entry |