CVE-2007-4781
published 2007-09-10CVE-2007-4781: administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload…
PriorityP337medium6.6CVSS 2.0
AVNACHAuSCNICAC
EXPLOIT
EPSS
5.19%
91.4th percentile
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | joomla | — | — |
| joomla | joomla | — | — |
| joomla | joomla | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
TEKUVA - Password Reminder Authentication Bypass
exploitdb·2009-11-21
CVE-2009-4781 TEKUVA - Password Reminder Authentication Bypass
TEKUVA - Password Reminder Authentication Bypass
---
#!/usr/bin/perl
# Exploit: TEKUVA Password Reminder Authentication Bypass
# Date: [11/19/2009]
# Author: iqlusion [[email protected]]
# Software Link: http://download.cnet.com/Password-Reminder/3000-2064_4-10966598.html
# Version: 1.0.0.1
# Info: TEKUVA Password Reminder is a password vault that allows you to store all
# your credentials in one spot and all you have to remember is a single 'main'
# password to access your vault. Unfortunately, the vault is actually an
# Access 2007 database that is protected by a password which is hard coded into
# the program, not your main password.
#
# This script connects to the database using the hard coded db password and dumps
# everything into an HTML table, bypassing the need to enter th
Exploit-DB
Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection
exploitdb·2007-09-01
CVE-2007-4781 Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection
Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection
---
#!/usr/bin/php -q -d short_open_tag=on
getPageParameters();
switch ($params->get('filter_type', 'title'))
{
case 'title' :
$where .= ' AND LOWER( a.title ) LIKE \'%'.$filter.'%\'';
break;
case 'author' :
$where .= ' AND ( ( LOWER( u.name ) LIKE \'%'.$filter.'%\' ) OR ( LOWER( a.created_by_alias ) LIKE \'%'.$filter.'%\' ) )';
break;
case 'hits' :
$where .= ' AND a.hits LIKE \'%'.$filter.'%\'';
break;
}
}
return $where;
Notes:
I found this in the first week of the 1.5 release, just wanted to see if nobody would realize
it was there and hopefully the same bug was about in FINAL, meh!
I must applaud the developers for their multi-factor authenication code they
added to the 1.5 version. For this reason I was unable to script a "login -> upl
No writeups or analysis indexed.
http://osvdb.org/45888http://www.securityfocus.com/bid/25508https://exchange.xforce.ibmcloud.com/vulnerabilities/36424https://www.exploit-db.com/exploits/4350http://osvdb.org/45888http://www.securityfocus.com/bid/25508https://exchange.xforce.ibmcloud.com/vulnerabilities/36424https://www.exploit-db.com/exploits/4350
2007-09-10
Published