Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1453 - SQL Injection in Joomla!

5 documents, 5 sources
Severity: 7.5 HIGH (NVD)
EPSS: 0.1% (top 84.27%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Feb 13
Latest update: May 17

Description

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: joomla/joomla_! (12 versions)

Vulnerability Details (2)

GHSA: GHSA-397m-73pj-3xm8: plugins/system/highlight/highlight (2022-05-17)
CVEList: CVE-2013-1453: plugins/system/highlight/highlight (2013-02-13)

Exploits & PoCs (1)

Exploit-DB: Joomla! 3.0.2 - 'highlight.php' PHP Object Injection (2013-02-27)

Community (1)

Bugzilla: CVE-2013-2838 v8: Denial of service (out-of-bounds read) via unspecified vectors (2013-05-22)