Published: 26/01/2014 Updated: 09/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

SQL injection vulnerability in the JV Comment (com_jvcomment) component prior to 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
joomla com_jvcomment 3.0.2

Advisory ID: HTB23195 Product: JV Comment Joomla Extension Vendor: joomlavicom Vulnerable Version(s): 302 and probably prior Tested Version: 302 Advisory Publication: January 2, 2014 [without technical details] Vendor Notification: January 2, 2014 Vendor Patch: January 14, 2014 Public Disclosure: January 23, 2014 Vulnerability Type: SQL I ...

Joomla JV Comment extension version 302 suffers from a remote SQL injection vulnerability ...

CWE-79 http://www.osvdb.org/101960 http://extensions.joomla.org/extensions/contacts-and-feedback/articles-comments/23394 https://www.htbridge.com/advisory/HTB23195 http://www.securityfocus.com/bid/64661 http://www.exploit-db.com/exploits/31175 https://exchange.xforce.ibmcloud.com/vulnerabilities/90532 http://www.securityfocus.com/archive/1/530872/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/31175/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-0794

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect