CVE-2009-3334

Lhacky! Extensions Cave Joomla! Integrated Newsletters Component 0.2 - SQL Injection via newsid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3334. PoCs published by Chip d3 bi0s.

AI-analyzed exploit summary This is a writeup describing a blind SQL injection vulnerability in the Joomla component com_jinc (JINC). The vulnerability affects version 0.2 and allows remote exposure of sensitive information via the 'newsid' parameter.

Description

SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Chip d3 bi0s · textwebappsmultiple

https://www.exploit-db.com/exploits/9732

View Code ZIP pw:eip

This is a writeup describing a blind SQL injection vulnerability in the Joomla component com_jinc (JINC). The vulnerability affects version 0.2 and allows remote exposure of sensitive information via the 'newsid' parameter.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Theoretical

Target: JINC (Joomla! Integrated Newsletters Component) 0.2

Auth required

Prerequisites: User registration on the target Joomla site

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9732

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/36471

Scores

EPSS 0.0095

EPSS Percentile 56.6%

Details

CWE

CWE-89

Status published

Products (1)

lhacky/com_jinc 0.2

Published Sep 23, 2009

Tracked Since Feb 18, 2026