SQL Injection Vulnerability in JE Quiz Component for Joomla!
CVE-2010-0796

Currently unrated

Key Information:

Vendor: Harmistechnology
Status: Com Jeeventcalendar
Vendor: CVE Published:; 2 March 2010

🔔 Create Harmistechnology Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2010-0796?

A SQL injection vulnerability exists in the JE Quiz component for Joomla! that allows remote attackers to execute arbitrary SQL commands. This is achieved through the manipulation of the 'eid' parameter in a question action to index.php, potentially compromising the database and exposing sensitive information.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-0796 - Proof of Concept

References

http://osvdb.org/62039

vdb-entryx_refsource_OSVDB

http://www.exploit-db.com/exploits/11287

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/38412

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 2, 2010
👾
Exploit known to exist
Mar 2, 2010
Vulnerability published
Mar 2, 2010
Vulnerability Reserved
Mar 2, 2010

CVE-2010-0796 Data

JSON