SQL Injection Vulnerability in JExtensions JE Directory Component for Joomla!
CVE-2010-4862
Key Information:
- Vendor: Harmistechnology
- Status
- CVE Published: 5 October 2011
What is CVE-2010-4862?
The JExtensions JE Directory component for Joomla! contains an SQL injection vulnerability: the catid parameter, passed in an item action to index.php, lets attackers manipulate the SQL queries the component runs. Remote attackers can execute arbitrary SQL commands, which can lead to unauthorized access to the database, disclosure of sensitive information, or compromise of the application's integrity. Joomla! users running this component should apply security patches and follow best practices to protect against such vulnerabilities.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
