CVE-2009-3446

com_mytube 1.0 Beta - SQL Injection via user_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3446. PoCs published by Chip d3 bi0s.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in the Joomla component com_mytube (CVE-2009-3446) to extract user passwords from the jos_users table. It uses time-based and boolean-based techniques to infer data.

Description

SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Chip d3 bi0s · perlwebappsmultiple

https://www.exploit-db.com/exploits/9733

View Code ZIP pw:eip

This Perl script exploits a blind SQL injection vulnerability in the Joomla component com_mytube (CVE-2009-3446) to extract user passwords from the jos_users table. It uses time-based and boolean-based techniques to infer data.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Joomla com_mytube 1.0 Beta

No auth needed

Prerequisites: Target must have the vulnerable com_mytube component installed · Attacker must know the path to the Joomla installation

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/36470

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9733

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/53401

Scores

EPSS 0.0099

EPSS Percentile 57.7%

Details

CWE

CWE-89

Status published

Products (1)

rick_estrada/com_mytube 1.0_beta

Published Sep 28, 2009

Tracked Since Feb 18, 2026