CVE-2010-1873
published 2010-05-12CVE-2010-1873: SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL…
PriorityP347high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.05%
85.9th percentile
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jvehicles | com_jvehicles | — | — |
| jvehicles | com_jvehicles | — | — |
| jvehicles | com_jvehicles | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component Jvehicles 1.0/2.0 - 'aid' SQL Injection
exploitdb·2010-04-13
CVE-2010-1873 Joomla! Component Jvehicles 1.0/2.0 - 'aid' SQL Injection
Joomla! Component Jvehicles 1.0/2.0 - 'aid' SQL Injection
---
/**************************************************************************
[!] Joomla Component Jvehicles (aid) SQL Injection Vulnerability
[!] Author : Don Tukulesto ([email protected])
[!] Homepage : http://indonesiancoder.com
[!] Date : Mon, April 12, 2010
[!] Tune in : http://antisecradio.fm (choose your weapon)
**************************************************************************/
[ Software Information ]
[>] Vendor : http://www.jvehicles.com
[>] Download : http://www.jvehicles.com/index.php?option=com_remository&Itemid=6&func=fileinfo&id=6〈=en
[>] Version : 1.0 and 2.0
[>] License : GPL
[>] Type : Non-Commercial
[>] Method : SQL Injection
[ Proof of Concept ]
http://server/path/index.php?option=com_jv
Exploit-DB
Joomla! Component Jvehicles - Local File Inclusion
exploitdb·2010-04-01
CVE-2010-1873 Joomla! Component Jvehicles - Local File Inclusion
Joomla! Component Jvehicles - Local File Inclusion
---
Joomla Component Jvehicles Local File Inclusion
Author : Chip D3 Bi0s
Group : LatinHackTeam
Email & msn : [email protected]
Date : 31 March 2010
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Jvehicles
version : 1.0
Developer : este8an
License : GPL type : Non-Commercial
Date Added : 5 May 2009
Download : http://www.jvehicles.com/index.php?option=com_remository&Itemid=6&func=select&id=2&orderby=3〈=en
Description :
Derivation of a popular component com_properties (for Estate Agent) .
This component is to manage vehicles. With the same functionality.
file error : components/com_jvehicles/jvehicles.php
how to exp
No writeups or analysis indexed.
http://indonesiancoder.org/joomla-component-jvehicles-aid-sql-injection-vulnerabilityhttp://packetstormsecurity.org/1004-exploits/joomlajvehicles-sql.txthttp://secunia.com/advisories/39401http://www.exploit-db.com/exploits/12190http://www.osvdb.org/63669http://www.securityfocus.com/bid/39409https://exchange.xforce.ibmcloud.com/vulnerabilities/57774http://indonesiancoder.org/joomla-component-jvehicles-aid-sql-injection-vulnerabilityhttp://packetstormsecurity.org/1004-exploits/joomlajvehicles-sql.txthttp://secunia.com/advisories/39401http://www.exploit-db.com/exploits/12190http://www.osvdb.org/63669http://www.securityfocus.com/bid/39409https://exchange.xforce.ibmcloud.com/vulnerabilities/57774
2010-05-12
Published