CVE-2010-1720
Published: 2010-05-04
Priority: P3 45 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.16% (63.2th percentile)
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qproje | com_qpersonel | <= 1.0.2 | — |
No detection rules found.
Exploit-DB
Joomla! Component Q-Personel 1.0 - SQL Injection
exploitdb·2010-05-24
---
```python
#!/usr/bin/python
# Joomla com_qpersonel SQL Injection Remote Exploit
# Version 1.0 (23th May 2010 (public release)
# By Valentin Hoebel ([email protected])
# ASCII FOR BREAKFAST
#
# EXPLOIT BASED ON MY COLUMN FUZZER
# Fuzzer was enhanced so it serves as a Joomla Exploiter template
#
# About the Vulnerability:
# ------------------------------------------------------------------------
# http://www.xenuser.org/documents/security/qpersonel_sql.txt
#
# About the Exploit:
# ------------------------------------------------------------------------
# Exploits the SQL injection vulnerability I discovered
# on 13th April 2010.
#
# Copy, modify, distribute and share the code as you like!
# Warning: I am not responsible for any damage you migh
```
Exploit-DB
Joomla! Component QPersonel 1.0.2 - SQL Injection
exploitdb·2010-04-13
---
```text
# Exploit Title: Joomla Component QPersonel SQL Injection Vulnerability
# Date: 13.04.2010
# Author: Valentin
# Category: webapps/0day
# Version: XSS security fix from 31.12.2009, 1.02 and before
# Tested on: Debian Lenny, MySQL 5
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
|:: >> General Information
|:: Advisory/Exploit Title = Joomla Component QPersonel SQL Injection Vulnerability
|:: By = Valentin Hoebel
|:: Contact = [email protected]
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
|:: >> Product information
|:: Name = QPersonel
|:: Vendor = Q-PROJE
|:: Vendor Website = http://www.qproje.com/
|:: Affected Versions = XSS securi
```
No writeups or analysis indexed.
http://osvdb.org/63894
http://secunia.com/advisories/39445
http://www.exploit-db.com/exploits/12200
http://www.securityfocus.com/bid/39466
http://www.xenuser.org/documents/security/qpersonel_sql.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/57775