CVE-2009-4099

Google Calendar GCalendar <2.1.4 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4099. PoCs published by Yogyacarderlink Crew.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Joomla's com_gcalendar component (version 1.1.2). It injects a UNION-based SQL query to extract usernames and password hashes from the jos_users table.

Description

SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Yogyacarderlink Crew · textwebappsphp

https://www.exploit-db.com/exploits/10232

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Joomla's com_gcalendar component (version 1.1.2). It injects a UNION-based SQL query to extract usernames and password hashes from the jos_users table.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla com_gcalendar 1.1.2

No auth needed

Prerequisites: Target running Joomla with vulnerable com_gcalendar component · Network access to the target

MITRE ATT&CK