CVE-2010-5280: Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attac...

Description

Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.

Metrics

EPSS Probability

5.46%

91.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Joomla-Cbe	Com Cbe	1.4.8
Joomla-Cbe	Com Cbe	1.4.9
Joomla-Cbe	Com Cbe	1.4.10

References

Timeline

Published: Nov 26, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-5280?

Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.

How severe is CVE-2010-5280?

Severity scoring for CVE-2010-5280 is pending analysis. The EPSS model estimates a 5.46% probability of exploitation in the next 30 days.

How do I fix CVE-2010-5280?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.