CVE-2008-2568

Joomla com_simpleshop < 3.4 - SQL Injection via catid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-2568. PoCs published by eXeCuTeR, His0k4.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Joomla's com_simpleshop component. It allows an attacker to extract user credentials (username and password) from the jos_users table via a crafted URL.

Description

SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by eXeCuTeR · textwebappsphp
https://www.exploit-db.com/exploits/5833

This exploit demonstrates a SQL injection vulnerability in Joomla's com_simpleshop component. It allows an attacker to extract user credentials (username and password) from the jos_users table via a crafted URL.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Joomla with com_simpleshop component
No auth needed
Prerequisites: Joomla installation with com_simpleshop component enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by His0k4 · textwebappsphp
https://www.exploit-db.com/exploits/5743

This is a SQL injection exploit for the Joomla simpleshop component. It demonstrates how to inject malicious SQL queries via the 'catid' parameter to extract sensitive information such as usernames and passwords from the database.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Joomla simpleshop component
No auth needed
Prerequisites: Joomla installation with simpleshop component · Access to the target URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30461
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29565
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5743
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5833
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42871

Scores

EPSS 0.0105
EPSS Percentile 59.8%

Details

CWE
CWE-89
Status published
Products (2)
joomla/com_simpleshop < 3.4
joomla/joomla
Published Jun 06, 2008
Tracked Since Feb 18, 2026