7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.4%
Joomla with multiple components is prone to SQL injection vulnerabilities.
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:joomla:joomla";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.802196");
script_version("2023-07-28T05:05:23+0000");
script_cve_id("CVE-2010-4927", "CVE-2010-4928", "CVE-2010-4929", "CVE-2010-4937",
"CVE-2010-4945", "CVE-2010-4902", "CVE-2010-4865", "CVE-2010-4904");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2023-07-28 05:05:23 +0000 (Fri, 28 Jul 2023)");
script_tag(name:"creation_date", value:"2011-11-03 15:42:01 +0200 (Thu, 03 Nov 2011)");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Joomla Multiple Components SQL Injection Vulnerabilities");
script_xref(name:"URL", value:"http://secunia.com/advisories/40932");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/33254");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42334");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42986");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/43014");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/43319");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/43415");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/43605");
script_xref(name:"URL", value:"http://secunia.com/advisories/41322");
script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/62151");
script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/14530/");
script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/14596/");
script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/14530/");
script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/15040/");
script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/15157/");
script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/14902/");
script_xref(name:"URL", value:"http://packetstormsecurity.org/files/92305/joomlacamelcitydb2-sql.txt");
script_xref(name:"URL", value:"http://packetstormsecurity.org/files/view/105704/joomlasgicatalog-sql.txt");
script_tag(name:"qod_type", value:"remote_active");
script_category(ACT_ATTACK);
script_copyright("Copyright (C) 2011 Greenbone AG");
script_family("Web application abuses");
script_dependencies("joomla_detect.nasl");
script_require_ports("Services/www", 80);
script_mandatory_keys("joomla/installed");
script_tag(name:"impact", value:"Successful exploitation will let attackers to manipulate SQL queries by
injecting arbitrary SQL code.");
script_tag(name:"affected", value:"Joomla Joostina component, Joomla sgicatalog component, Joomla Amblog
component version 1.0, Joomla Clantools Component version 1.2.3, Joomla CamelcityDB component version 2.2, Joomla
Clantools Component version 1.2.3, Joomla Restaurant Guide component version 1.0.0, Joomla Aardvertiser Component
versions 2.1 and 2.1.1.");
script_tag(name:"insight", value:"Please see the references for more information on the vulnerabilities.");
script_tag(name:"solution", value:"Update the components.");
script_tag(name:"summary", value:"Joomla with multiple components is prone to SQL injection vulnerabilities.");
exit(0);
}
include("host_details.inc");
include("http_func.inc");
include("http_keepalive.inc");
if (!port = get_app_port(cpe:CPE))
exit(0);
if (!dir = get_app_location(cpe:CPE, port:port))
exit(0);
if (dir == "/")
dir = "";
pages = make_list("/index.php?option=com_restaurantguide&view=country&id='&Itemid=69",
"/index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode='",
"/index.php?option=com_amblog&task=editsave&articleid='",
"/index.php?option=com_camelcitydb2&view=all&Itemid=15",
"/index.php?option=com_jeguestbook&view=item_detail&d_itemid='",
"/index.php?option=com_clantools&squad='",
"/index.php?option=com_sgicatalog&task=view&lang=en&id='",
"/index.php?option=com_aardvertiser&cat_name='x+AND+'1'='1&task=view");
foreach page (pages) {
url = dir + page;
if (http_vuln_check(port: port, url: url,
pattern: "<b>Warning</b>: Invalid argument supplied for foreach\(\)") ||
http_vuln_check(port: port, url: url, pattern:"You have an error in your SQL syntax;")) {
report = http_report_vuln_url(port: port, url: url);
security_message(port: port, data: report);
exit(0);
}
}
exit(99);
packetstormsecurity.org/files/92305/joomlacamelcitydb2-sql.txt
packetstormsecurity.org/files/view/105704/joomlasgicatalog-sql.txt
secunia.com/advisories/40932
secunia.com/advisories/41322
www.exploit-db.com/exploits/14530/
www.exploit-db.com/exploits/14596/
www.exploit-db.com/exploits/14902/
www.exploit-db.com/exploits/15040/
www.exploit-db.com/exploits/15157/
www.securityfocus.com/bid/33254
www.securityfocus.com/bid/42334
www.securityfocus.com/bid/42986
www.securityfocus.com/bid/43014
www.securityfocus.com/bid/43319
www.securityfocus.com/bid/43415
www.securityfocus.com/bid/43605
xforce.iss.net/xforce/xfdb/62151