SQL Injection Vulnerability in JE Ajax Event Calendar for Joomla!
CVE-2010-4365

Currently unrated

Key Information:

Vendor: Harmistechnology
Status: Com Jeajaxeventcalendar
Vendor: CVE Published:; 1 December 2010

🔔 Create Harmistechnology Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2010-4365?

The JE Ajax Event Calendar component for Joomla! is susceptible to an SQL injection vulnerability that enables remote attackers to execute arbitrary SQL commands. This exploitation occurs through the event_id parameter when processing requests in the alleventlist_more action via index.php. Attackers could leverage this flaw to manipulate the database, leading to unauthorized access or data compromise.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-4365 - Proof of Concept

References

http://www.exploit-db.com/exploits/15610

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/39836

third-party-advisoryx_refsource_SECUNIA

http://packetstormsecurity.org/files/view/96125/joomlaaja...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Dec 1, 2010
👾
Exploit known to exist
Dec 1, 2010
Vulnerability published
Dec 1, 2010

CVE-2010-4365 Data

JSON