CVE-2009-4628

Joomla! com_tpdugg 1.1 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NoGe · perlwebappsphp

https://www.exploit-db.com/exploits/9602

View Code ZIP pw:eip

References (8)

[Exploit] http://evilc0de.blogspot.com/2009/09/tpdugg-joomla-component-11-blind-sql.html

[Vendor Advisory] http://secunia.com/advisories/36656

[Patch] http://www.templateplazza.com/extensions-updates/tpdugg-component-update-v-1.1.1.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/2610

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/36321

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9602

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53108

[Third Party Advisory, VDB Entry] http://osvdb.org/57894

Scores

EPSS 0.0359

EPSS Percentile 87.6%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

templateplaza/com_tpdugg

Timeline

Published Jan 18, 2010

Tracked Since Feb 18, 2026