CVE-2010-0795

JE Event Calendars (com_jeeventcalendar) 1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0795. PoCs published by B-HUNT3|2.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Joomla's JE Event Calendar component. The PoC shows how an attacker can inject arbitrary SQL queries via the 'event_id' parameter to extract sensitive information such as user credentials and database details.

Description

SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by B-HUNT3|2 · textwebappsphp

https://www.exploit-db.com/exploits/11292

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Joomla's JE Event Calendar component. The PoC shows how an attacker can inject arbitrary SQL queries via the 'event_id' parameter to extract sensitive information such as user credentials and database details.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla JE Event Calendar 1.b0

No auth needed

Prerequisites: Access to the vulnerable Joomla instance · JE Event Calendar component installed

MITRE ATT&CK