CVE-2016-1000123
published 2016-10-06

CVE-2016-1000123: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

Priority: P263 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 3.63% (88.1th percentile)
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

Affected

1 ranges
Vendor | Product | Version range | Fixed in
huge-it | video_gallery | |

Detection & IOCs (extracted from sources)

url: http://server/components/com_videogallerylite/ajax_url.php
path: /components/com_videogallerylite/ajax_url.php
command: page=1&galleryid=-3390 OR 1 GROUP BY CONCAT(0x716b766271,(SELECT (CASE WHEN (2575=2575) THEN 1 ELSE 0 END)),0x7170767071,FLOOR(RAND(0)*2)) HAVING MIN(0)#&task=load_videos_content&perpage=20&linkbutton=2
command: page=1&galleryid=(CASE WHEN (5952=5952) THEN SLEEP(5) ELSE 5952 END)&task=load_videos_content&perpage=20&linkbutton=2
filename: ajax_url.php
  • A high rate of HTTP 500 Internal Server Error responses from the target endpoint during a short window is a strong indicator of active sqlmap-driven exploitation of this vulnerability.
  • The vulnerability is unauthenticated — no session cookie or login is required. Any source IP sending POST data with SQL payloads in 'galleryid' to ajax_url.php should be treated as malicious.
  • The vulnerable file ajax_url.php is directly web-accessible and bypasses Joomla's normal component routing, meaning standard Joomla access-control checks do not apply to it.
  • The fix was introduced in v1.1.0; installations still running v1.0.9 of com_videogallerylite remain fully exposed to unauthenticated exploitation.
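
The two log-based indicators above, sketched as a detector. This is an added example, not code from this entry or its sources. Assumptions: the tab-separated record format (as a WAF or reverse proxy that logs POST bodies might emit), the 60-second window, the threshold of three 500s, and that a legitimate galleryid is a plain integer. All sample records are constructed.

```python
import re
from collections import deque
from urllib.parse import parse_qs

ENDPOINT = "/components/com_videogallerylite/ajax_url.php"  # path from this entry
WINDOW_S = 60   # assumed burst window, in seconds
MAX_500 = 3     # assumed: this many 500s inside WINDOW_S raises an alert
INT_RE = re.compile(r"-?\d+")  # assumption: a legitimate galleryid is an integer

BODY = "page=1&galleryid={}&task=load_videos_content&perpage=20&linkbutton=2"
# Constructed records: epoch, source, method, path, status, POST body
SAMPLE = "\n".join("\t".join(r) for r in [
    ("1000", "198.51.100.7", "POST", ENDPOINT, "200", BODY.format("4")),
    ("1010", "203.0.113.9", "POST", ENDPOINT, "500", BODY.format("5+OR+1")),
    ("1012", "203.0.113.9", "POST", ENDPOINT, "500", BODY.format("5+OR+2")),
    ("1015", "203.0.113.9", "POST", ENDPOINT, "500", BODY.format("5+OR+3")),
    ("1020", "198.51.100.7", "GET", "/index.php", "200", "-"),
    ("2000", "198.51.100.7", "POST", ENDPOINT, "500", BODY.format("7")),
])

def analyze(text):
    """Return alerts for non-integer galleryid values and bursts of 500s."""
    alerts = []
    recent_500 = deque()  # (epoch, source) of 500s seen on ENDPOINT
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 6:
            continue  # skip malformed records
        ts, src, method, path, status, body = parts
        if path.split("?")[0] != ENDPOINT:
            continue  # only the directly reachable ajax_url.php matters here
        ts = int(ts)
        # Indicator 1: POST whose galleryid is anything but a plain integer.
        ids = parse_qs(body, keep_blank_values=True).get("galleryid", [])
        if method == "POST" and any(not INT_RE.fullmatch(v.strip()) for v in ids):
            alerts.append(("bad_galleryid", ts, src))
        # Indicator 2: many 500 responses from the endpoint in a short window.
        if status == "500":
            recent_500.append((ts, src))
            while ts - recent_500[0][0] > WINDOW_S:
                recent_500.popleft()
            if len(recent_500) == MAX_500:
                sources = tuple(sorted({s for _, s in recent_500}))
                alerts.append(("500_burst", ts, sources))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```
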

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P