title: CVE-2010-1607 Exploitation Attempt
id: 699e3765-a82a-4d7c-8214-8e8fe7c57fdd
author: Subhash Popuri (@pbssubhash)
date: 2021/08/25
status: experimental
description: Joomla! Component WMI 1.5.0 - Local File Inclusion:Directory traversal
  vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi)
  component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary
  local files via a .. (dot dot) in the controller parameter to index.php.
references:
  - https://github.com/projectdiscovery/nuclei-templates
logsource:
  category: webserver
detection:
  selection:
    c-uri|contains:
      - /index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00
  condition: selection
false_positives:
  - Scanning from Nuclei
  - Penetration Testing Activity
  - Unknown
tags:
  - attack.initial_access
  - attack.t1190
level: critical