CVE-2010-1722 in Com Market
Summary
by MITRE
Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
Analysis
by VulDB Data Team • 08/20/2025
CVE-2010-1722 is a critical directory traversal flaw in the Online Market component (com_market) version 2.x for Joomla!. The component takes the controller parameter passed to index.php and uses it in its file handling logic without adequate input validation or sanitization. Because directory navigation sequences such as .. (dot dot) are not restricted, a remote attacker can manipulate the file access path, navigate outside the intended directory structure and access restricted files on the server.
The vulnerability falls under CWE-22, improper limitation of a pathname to a restricted directory, commonly known as path traversal or directory traversal. The attack vector is the controller parameter of the index.php script: the application does not validate or sanitize the value before using it to construct a file path. A request containing .. sequences in that parameter is processed as-is, potentially allowing access to sensitive files such as configuration files, database credentials, or other system resources that should remain protected from unauthorized access. The impact extends beyond simple file reading: depending on the server configuration and the files reachable through the traversal, it can potentially lead to arbitrary code execution, data exfiltration, or complete system compromise.
The operational impact of CVE-2010-1722 is significant for Joomla! installations where the Online Market component is deployed: the flaw is a persistent security risk that remains exploitable until the component is properly updated or patched.
Mitigation for CVE-2010-1722 should prioritize immediate patching of the affected Joomla! installations.
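While the component remains unpatched, the request pattern described above (a .. sequence in the controller parameter of a com_market request) can be flagged in web server access logs. The following is an added example, not code from VulDB or from the component; the combined log format, the sample log lines, the controller name "product" and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots (%252e) are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_attempt(log_line):
    """True if the line is a com_market request whose controller contains '..'."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    # parse_qs performs the first round of percent-decoding.
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_market" not in params.get("option", []):
        return False
    # A legitimate controller name has no reason to contain "..".
    return any(".." in decode_fully(v) for v in params.get("controller", []))

# Constructed sample lines (documentation IP ranges, placeholder file name).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Aug/2025:10:00:01 +0000] '
    '"GET /index.php?option=com_market&controller=product HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Aug/2025:10:00:05 +0000] '
    '"GET /index.php?option=com_market&controller=..%2F..%2Fexample HTTP/1.1" 200 312',
    '203.0.113.9 - - [20/Aug/2025:10:00:06 +0000] '
    '"GET /index.php?option=com_market&controller=%252e%252e%252fexample HTTP/1.1" 200 312',
    '198.51.100.4 - - [20/Aug/2025:10:00:09 +0000] '
    '"GET /index.php?option=com_content&view=article&id=2 HTTP/1.1" 200 8841',
]

def flagged_lines(lines):
    """Return the log lines that match the traversal pattern."""
    return [line for line in lines if is_traversal_attempt(line)]

if __name__ == "__main__":
    for line in flagged_lines(SAMPLE_LOG):
        print("ALERT:", line)
```

The check covers GET query strings only; parameters sent in a POST body do not appear in a standard access log and need application-level or WAF logging.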