CVE-2008-0689

Joomla com_marketplace 1.1.1 and 1.1.1-pl1 - SQL Injection via catid Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-0689. PoCs published by TR-ShaRk, SoSo H H.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the Joomla com_marketplace component, allowing an attacker to extract user credentials from the database via a crafted catid parameter.

Description

SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action.

Exploits (2)

exploitdb WORKING POC VERIFIED

by TR-ShaRk · textwebappsphp

https://www.exploit-db.com/exploits/7097

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in the Joomla com_marketplace component, allowing an attacker to extract user credentials from the database via a crafted catid parameter.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla com_marketplace v1.3.1

No auth needed

Prerequisites: Joomla installation with com_marketplace component enabled

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by SoSo H H · textwebappsphp

https://www.exploit-db.com/exploits/5055

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in Joomla Component Marketplace versions 1.1.1 and 1.1.1-pl1. It provides an example exploit URL and payload but does not include executable code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla Component Marketplace 1.1.1 and 1.1.1-pl1

No auth needed

Prerequisites: target running vulnerable Joomla Component Marketplace

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27600

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5055

Scores

EPSS 0.0094

EPSS Percentile 56.2%

Details

CWE

CWE-89

Status published

Products (2)

joomla/com_marketplace 1.1.1

joomla/com_marketplace 1.1.1-pl1

Published Feb 12, 2008

Tracked Since Feb 18, 2026