CVE-2009-0378

Joomla! com_beamospetition 1.0.12 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0378. PoCs published by vds_s.

AI-analyzed exploit summary This exploit demonstrates SQL injection and XSS vulnerabilities in Joomla component beamospetition 1.0.12. The SQL injection allows retrieval of user credentials, while the XSS enables arbitrary script execution.

Description

Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by vds_s · textwebappsphp

https://www.exploit-db.com/exploits/7847

View Code ZIP pw:eip

This exploit demonstrates SQL injection and XSS vulnerabilities in Joomla component beamospetition 1.0.12. The SQL injection allows retrieval of user credentials, while the XSS enables arbitrary script execution.

Classification

Working Poc 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Joomla beamospetition component 1.0.12

No auth needed

Prerequisites: Target running Joomla with beamospetition 1.0.12

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/500250/100/0/threaded

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7847

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33391

Scores

EPSS 0.0023

EPSS Percentile 45.2%

Details

CWE

CWE-79

Status published

Products (1)

joomla/com_beamospetition 1.0.12

Published Feb 02, 2009

Tracked Since Feb 18, 2026