SQL Injection Vulnerability in Prince Clan Chess Club for Joomla!
CVE-2009-0379

Currently unrated

Key Information:

Vendor: Joomla
Status: Com Pcchess
Vendor: CVE Published:; 2 February 2009

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-0379?

The Prince Clan Chess Club component for Joomla! contains an SQL injection vulnerability that allows remote attackers to inject and execute arbitrary SQL commands. This occurs through the 'game_id' parameter in the 'showgame' action of the index.php script. Attackers can exploit this flaw to manipulate the database, potentially leading to unauthorized data access or modification.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-0379 - Proof of Concept

References

https://www.exploit-db.com/exploits/7846

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/33394

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/48144

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 2, 2009
👾
Exploit known to exist
Feb 2, 2009
Vulnerability published
Feb 2, 2009
Vulnerability Reserved
Feb 2, 2009

CVE-2009-0379 Data

JSON