SQL Injection Vulnerability in JE Ajax Event Calendar for Joomla!
CVE-2010-2513

Currently unrated

Key Information:

Vendor: Harmistechnology
Status: Com Jeajaxeventcalendar
Vendor: CVE Published:; 28 June 2010

🔔 Create Harmistechnology Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2010-2513?

The JE Ajax Event Calendar component for Joomla! 1.0.5 is susceptible to an SQL injection vulnerability. By manipulating the 'view' parameter in the index.php file, remote attackers can execute arbitrary SQL commands. This flaw could lead to unauthorized access to the database and expose sensitive information. Implementing proper input validation and utilizing parameterized queries can help mitigate this risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-2513 - Proof of Concept

References

http://www.securityfocus.com/bid/41058

vdb-entryx_refsource_BID

http://packetstormsecurity.org/1006-exploits/joomlajeajax...

x_refsource_MISC

http://www.exploit-db.com/exploits/13997

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Jun 28, 2010
👾
Exploit known to exist
Jun 28, 2010
Vulnerability published
Jun 28, 2010

CVE-2010-2513 Data

JSON