CVE-2010-5032
Published 2011-11-02
Priority: P349 · high · CVSS 2.0: 7.5
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.73% (74.8th percentile)
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tamlyncreative | com_bfquiztrial | <= 1.3.0 | — |
No detection rules found.
Exploit-DB
Joomla! Component BF Quiz 1.0 - SQL Injection (2)
exploitdb·2010-05-29
---
#!/usr/bin/python
# Joomla Component BF Quiz SQL Injection Exploit
# by Valentin Hoebel ([email protected])
# Version 1.0 (29th May 2010)
# ASCII FOR BREAKFAST
# About the vulnerability:
# ----------------------------------------------------------------------------
# Read more here:
# http://xenuser.org/documents/security/joomla_com_bfquiz_sqli.txt
# About the exploit:
# ----------------------------------------------------------------------------
# Tries to give you the admin password hash!
# Usage example:
# python joomla_com_bfquiz_sploit.py - u "http://target/index.php?option=com_bfquiztrial&view=bfquiztrial&catid=34"
# This tool was written for educational purposes only. I am not responsible for any damage
# you might caus
Exploit-DB
Joomla! Component BF Quiz 1.3.0 - SQL Injection (1)
exploitdb·2010-05-28
---
# Exploit Title: Joomla Component BF Quiz SQL Injection Vulnerability
# Date: 29th May 2010
# Author: Valentin
# Category: webapps/0day
# Version: 1.3.0
# Tested on: Debian, Apache2, MySQL 5
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = Joomla Component BF Quiz SQL Injection Vulnerability
Author = Valentin Hoebel
Contact = [email protected]
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = BF Quiz
Vendor = Tamlyn Creative Pty Ltd
Vendor Website = http://www.tamlyncreative.com/software/
Affected Version(s) = 1.3.0
[:::::::::::::::::::::::::::::::::::::: 0x3 :::
No writeups or analysis indexed.
http://osvdb.org/65001
http://packetstormsecurity.org/1005-exploits/joomla_com_bfquiz_sploit.py.txt
http://secunia.com/advisories/39960
http://www.packetstormsecurity.org/1005-exploits/joomlabfquiz-sql.txt
http://www.securityfocus.com/bid/40435
http://www.tamlyncreative.com.au/software/forum/index.php?topic=729.0
http://www.vupen.com/english/advisories/2010/1272
http://xenuser.org/documents/security/joomla_com_bfquiz_sqli.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/58979