CVE-2008-6881

com_livechat 1.0 - SQL Injection via last Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6881. PoCs published by jdc.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in Joomla Live Chat component, specifically in 'getChat.php' and 'getSavedChatRooms.php' where the 'last' parameter is unsanitized. It also highlights an open proxy vulnerability in 'xmlhttp.php'.

Description

Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by jdc · textwebappsphp
https://www.exploit-db.com/exploits/7441

The exploit demonstrates SQL injection vulnerabilities in Joomla Live Chat component, specifically in 'getChat.php' and 'getSavedChatRooms.php' where the 'last' parameter is unsanitized. It also highlights an open proxy vulnerability in 'xmlhttp.php'.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Joomla Live Chat component
No auth needed
Prerequisites: Access to the vulnerable Joomla Live Chat component
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32803
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7441
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33122
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47304

Scores

EPSS 0.0103
EPSS Percentile 59.1%

Details

CWE
CWE-89
Status published
Products (1)
joompolitan/com_livechat 1.0
Published Jul 30, 2009
Tracked Since Feb 18, 2026