qw3rTyTy

11 exploits
Active since May 2026
CVE-2023-54357 EXPLOITDB HIGH python WORKING POC
Joomla com_booking 2.4.9 Information Disclosure via Account Enumeration
Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=com_booking, controller=customer, task=getUserData, and an id parameter to retrieve user names, usernames, and email addresses through brute force enumeration.
CVSS 7.5
CVE-2019-25740 EXPLOITDB MEDIUM text WORKING POC
Joomla com_jsjobs 1.2.6 Arbitrary File Deletion
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server.
CVSS 6.5
CVE-2020-37219 EXPLOITDB HIGH text WORKING POC
Joomla com_fabrik 3.9.11 Directory Traversal via image.php
Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root.
CVSS 7.5
CVE-2020-37218 EXPLOITDB HIGH text WRITEUP
Joomla com_hdwplayer 4.2 SQL Injection via search.php
Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the hdwplayersearch parameter to extract sensitive database information from the hdwplayer_videos table.
CVSS 8.2
EIP-2026-108761 EXPLOITDB text WORKING POC
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection
EIP-2026-108763 EXPLOITDB text WORKING POC
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection
EIP-2026-108762 EXPLOITDB text WORKING POC
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion
EIP-2026-108757 EXPLOITDB text WORKING POC
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection
EIP-2026-108758 EXPLOITDB text WRITEUP
Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection
EIP-2026-108760 EXPLOITDB text WORKING POC
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download
EIP-2026-108193 EXPLOITDB text WORKING POC
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload