CVE-2009-3971

jtips com_jtips - SQL Injection via Season Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3971. PoCs published by Chip d3 bi0s.

AI-analyzed exploit summary This is a writeup describing a blind SQL injection vulnerability in the Joomla component com_jtips. It provides examples of exploit URLs and demonstrates the vulnerability by showing true/false responses based on SQL conditions.

Description

SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Chip d3 bi0s · textwebappsphp
https://www.exploit-db.com/exploits/9504

This is a writeup describing a blind SQL injection vulnerability in the Joomla component com_jtips. It provides examples of exploit URLs and demonstrates the vulnerability by showing true/false responses based on SQL conditions.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Joomla com_jtips component (versions 1.0.7, 1.0.9)
No auth needed
Prerequisites: Access to the vulnerable Joomla component URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36123
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9504
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2405

Scores

EPSS 0.0096
EPSS Percentile 56.9%

Details

CWE
CWE-89
Status published
Products (2)
jtips/com_jtips 1.0.7
jtips/com_jtips 1.0.9
Published Nov 18, 2009
Tracked Since Feb 18, 2026