CVE-2010-2847
Published 2010-07-25
Priority P345, high, 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.99% (78.2th percentile)
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gonzalo_maser | com_artforms | — | — |
No detection rules found.
Exploit-DB
Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities
exploitdb·2010-07-07
CVE-2010-2848 Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities
---
ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities
Name ArtForms
Vendor http://joomlacode.org/gf/project/jartforms/
Versions Affected 2.1b7.2 RC2
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-07-07
X. INDEX
I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX
I. ABOUT THE APPLICATION
ArtForms is a popular Joomla component.
The ArtForms component is a package for an easy Form
Generator for Joomla 1.0.xx. It allows you to generate
as many forms as you like, you can define all fields
that you need and also make file upload and attachment
possible.
II. DESCRIPTION
Some parameters are
Exploit-DB
Barracuda - IMG.pl Remote Command Execution (Metasploit)
exploitdb·2010-04-30
CVE-2005-2847 Barracuda - IMG.pl Remote Command Execution (Metasploit)
---
##
# $Id: barracuda_img_exec.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Barracuda IMG.PL Remote Command Execution',
'Description' => %q{
This module exploits an arbitrary command execution vulnerability in the
Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable.
},
'Author' => [ 'Nicolas Gregoire ', 'hdm' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9179 $',
'References' =>
[
['CVE', '2005-2847'],
['OSVDB',
No writeups or analysis indexed.
http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt
http://www.exploit-db.com/exploits/14263
http://www.securityfocus.com/archive/1/512215/100/0/threaded
http://www.securityfocus.com/bid/41457
https://exchange.xforce.ibmcloud.com/vulnerabilities/60160
Published 2010-07-25