CVE-2011-5099
published 2012-08-14
CVE-2011-5099: SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to…
Priority P3 | 47 | high | 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.28% (66.3th percentile)
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chillcreations | ccnewsletter | 2.0.0 – 2.2.4 | — |
| chillcreations | mod_ccnewsletter | — | — |
| chillcreations | mod_ccnewsletter | — | — |
| chillcreations | mod_ccnewsletter | — | — |
GHSA
GHSA-3938-v8r3-qpfh: SQL injection vulnerability in helper/popup
ghsa_unreviewed·2022-05-17
CVE-2011-5099 [HIGH] CWE-89 GHSA-3938-v8r3-qpfh: SQL injection vulnerability in helper/popup
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
GHSA
GHSA-h3vw-wpcp-q82j: SQL Injection exists in the ccNewsletter 2
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-5989 [HIGH] CWE-89 GHSA-h3vw-wpcp-q82j: SQL Injection exists in the ccNewsletter 2
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html
http://secunia.com/advisories/48934
http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html
http://www.securityfocus.com/bid/53208
https://exchange.xforce.ibmcloud.com/vulnerabilities/75112
Published: 2012-08-14