cpe:/a:tamlyncreative:com_bfsurvey_basic:1.1 cpe:/a:tamlyncreative:com_bfsurvey_pro:1.3.0 cpe:/a:tamlyncreative:com_bfsurvey_profree:1.2.6 CVE-2010-2259 2010-06-09T16:30:29.663-04:00 2010-06-10T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-06-10T10:47:00.000-04:00 EXPLOIT-DB 10946 BID 37584 SECUNIA 37866 OSVDB 61438 MISC http://packetstormsecurity.org/1001-exploits/joomlabfsurvey-lfi.txt CONFIRM http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0 Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.