CVE-2010-5044
Published 2011-11-02
Priority: P3 | 35 | medium | 6 (CVSS 2.0)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 0.98% (57.9th percentile)
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kanich | com_searchlog | — | — |
No detection rules found.
Exploit-DB
Sphider Script - Remote Code Execution
exploitdb·2010-06-06
CVE-2010-5044 Sphider Script - Remote Code Execution
---
# Sphider Script Remote Code Execution
# [+] Site : Inj3ct0r.com
# [+] Support e-mail : submit[at]inj3ct0r.com
# I'm XroGuE member from Inj3ct0r Team
# Name: Sphider Script Remote Code Execution
# Vendor: http://www.sphider.e
Exploit-DB
Joomla! Component Search Log 3.1.0 - SQL Injection
exploitdb·2010-06-06
CVE-2010-5044 Joomla! Component Search Log 3.1.0 - SQL Injection
---
#Exploit Title: Joomla Component com_searchlog SQL Injection
#Date: 05/06/2010
#Author: d0lc3 d0lc3x[at]gmail[dom]com
#Software Link: http://www.kanich.net/radio/site/searchlog/searchlog-download
#Version: 3.1.0
#Tested on: Linux ubuntu32 2.6.32-22-generic x64
#Summary:
Good night. On this occasion we have another unsanitized POST variable in
administrator/components/com_searchlog/models/log.php, line 30:
...
$search = $mainframe->getUserStateFromRequest($option . '.search', 'search', '', 'string'); //wtf!?
$this->filter_actid = $mainframe->getUserStateFromRequest($option .'actid','actid',0,'int');
$data->search = JString::strtolower($search); //wtf!?
$callbase = JRequest::getInt('callbase', 1);
$newact =JRequest::getString('ne
No writeups or analysis indexed.
http://osvdb.org/65185
http://secunia.com/advisories/40055
http://www.exploit-db.com/exploits/13746/
http://www.securityfocus.com/bid/40588
http://www.vupen.com/english/advisories/2010/1363
https://exchange.xforce.ibmcloud.com/vulnerabilities/59152
Published: 2011-11-02