9.8
CVSSv3

CVE-2018-17254

Published: 20/09/2018 Updated: 17/03/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.

Vulnerable Product

arkextensions jck editor 6.4.4

Exploits

# Title: Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
# Date: 2018-09-14
# Exploit Author: Hamza Megahed
# Vendor Homepage: www.joomla.org/
# Download: arkextensions.com/products/jck-editor
# Version: 6.4.4
# Tested on: Ubuntu, FireFox,
# CVE: N/A
# Parameter = parent
# Payload = " UNION SELECT NULL,NULL,@@version,NULL ...

Joomla JCK Editor plugin version 6.4.4 remote SQL injection exploit ...

Github Repositories

Exploit for Joomla JCK Editor 6.4.4 (CVE-2018-17254)

Joomla-JCK-Editor-644-SQL-Injection: The JCK Editor Jtreelink plugin for Joomla! fails to correctly parse the user inputs, allowing SQL Injection. This exploit takes advantage of this security flaw and dumps the administrators' credentials and possibly uploads a PHP RCE shell. Exploit Title: Joomla JCK Editor 6.4.4 SQL Injection Google Dork: inurl:/plugins/editors/jckeditor/plugi

Tools SQL Injection for CVE 2018-17254: Joomla Component JCKeditor 6.4.4 - 'parent' SQL Injection

JCKEDITOR: Tools SQL Injection for CVE 2018-17254: Joomla Component JCKeditor 6.4.4 - 'parent' SQL Injection. How to use: python3 jckeditor.py then insert the target website

Joomla JCK Editor 6.4.4 - 'parent' SQL Injection

CVE-2018-17254 # Exploit Title: Joomla JCK Editor 6.4.4 - 'parent' SQL Injection> # Go