CVE-2010-1043 in jaxCMSinfo

Summary

by MITRE

Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/03/2026

The vulnerability identified as CVE-2010-1043 represents a critical directory traversal flaw within the jaxCMS 1.0 content management system. This security weakness resides in the index.php script where improper input validation allows malicious actors to manipulate the p parameter through directory traversal sequences. The vulnerability stems from the application's failure to adequately sanitize user-supplied input before using it in file inclusion operations, creating an avenue for unauthorized access to local system resources.

This directory traversal vulnerability maps directly to CWE-22, which categorizes improper limitation of a pathname to a restricted directory, commonly known as path traversal or directory traversal attacks. The flaw enables attackers to navigate beyond the intended directory structure and access arbitrary local files on the server filesystem. When combined with the file inclusion functionality in jaxCMS, this creates a potent exploitation vector that can lead to remote code execution, data theft, or complete system compromise.

The operational impact of this vulnerability extends beyond simple file access, as it allows attackers to potentially execute arbitrary code on the target system. Remote attackers can leverage the directory traversal sequences to include system files such as configuration files, database credentials, or even system binaries, depending on the server configuration and file permissions. The vulnerability affects any environment running jaxCMS 1.0 where the p parameter is not properly validated, making it particularly dangerous in production environments where sensitive data may be accessible through the CMS.

Security professionals should note that this vulnerability aligns with several ATT&CK techniques including T1566 for credential access through file infiltration and T1059 for command and script injection. The attack surface is broad given that many CMS platforms implement similar file inclusion patterns, making this type of vulnerability common across web applications. Organizations should implement immediate mitigations including input validation, parameter sanitization, and the use of allowlists for file access operations. Additionally, the principle of least privilege should be enforced by ensuring that web applications operate with minimal required permissions and that sensitive files are properly protected from unauthorized access. Regular security assessments and code reviews are essential to identify and remediate similar vulnerabilities in other components of the application stack.

Reservation

03/22/2010

Disclosure

03/22/2010

Moderation

accepted

Entry

VDB-52284

CPE

ready

Exploit

Download

EPSS

0.02356

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!