CVE-2008-6149
published 2009-02-16CVE-2008-6149: SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.16%
63.2th percentile
SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomlaapps | com_mdigg | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component mDigg 2.2.8 - SQL Injection
exploitdb·2011-07-01
CVE-2008-6149 Joomla! Component mDigg 2.2.8 - SQL Injection
Joomla! Component mDigg 2.2.8 - SQL Injection
---
.__ .__ __ .__ .___
____ ___ _________ | | ____ |__|/ |_ |__| __| _/
_/ __ \\ \/ /\____ \| | / _ \| \ __\ ______ | |/ __ |
\ ___/ > > |_( ) || | /_____/ | / /_/ |
\___ >__/\_ \| __/|____/\____/|__||__| |__\____ |
\/ \/|__| \/
Exploit-ID is the Exploit Information Disclosure
Web : exploit-id.com
e-mail : root[at]exploit-id[dot]com
#########################################
I'm Caddy-Dz, member of Exploit-Id
#########################################
####
# Exploit Title: joomla component SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia[at]hotmail.com | Caddy-Dz[at]exploit-id.com
# Website: www.exploit-id.com
# Google Dork: "Powered by joomla" inurl:link_id
# Category:: Webap
Exploit-DB
Joomla! Component mDigg 2.2.8 - 'category' SQL Injection
exploitdb·2008-12-24
CVE-2008-6149 Joomla! Component mDigg 2.2.8 - 'category' SQL Injection
Joomla! Component mDigg 2.2.8 - 'category' SQL Injection
---
#############################################################
Joomla Component com_mdigg(category) SQL-injection vulnerability
#############################################################
###################################################
#[~] Author : boom3rang
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[~] Vulnerability : SQL injection
#[~] Google Dork : inurl:com_mdigg
#[!] Name : mdigg
#[!] CreationDate : 10-12-2007
#[!] Author : Zhigang Lei
#[!] AuthorEmail : [email protected]
#[!] Version : 2.2.8
###################################################
Example:
http://localHost/path/index.php?option=com_mdigg&act=story_lists&task=view&category=[exploit]
Exploit:
-9999/**/union/
No writeups or analysis indexed.
http://secunia.com/advisories/33306http://www.osvdb.org/51005http://www.securityfocus.com/archive/1/499618/100/0/threadedhttp://www.securityfocus.com/bid/33009https://exchange.xforce.ibmcloud.com/vulnerabilities/47612https://www.exploit-db.com/exploits/7574http://secunia.com/advisories/33306http://www.osvdb.org/51005http://www.securityfocus.com/archive/1/499618/100/0/threadedhttp://www.securityfocus.com/bid/33009https://exchange.xforce.ibmcloud.com/vulnerabilities/47612https://www.exploit-db.com/exploits/7574
2009-02-16
Published