CVE-2010-1720

com_qpersonel < 1.0.2 - SQL Injection via katid Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-1720. PoCs published by Valentin Hoebel, Valentin.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in Joomla's com_qpersonel component (CVE-2010-1720). It automates the discovery of the correct number of columns for a UNION-based SQLi attack and extracts user data from the Joomla database.

Description

SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Valentin Hoebel · pythonwebappsphp

https://www.exploit-db.com/exploits/12723

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in Joomla's com_qpersonel component (CVE-2010-1720). It automates the discovery of the correct number of columns for a UNION-based SQLi attack and extracts user data from the Joomla database.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Joomla with com_qpersonel component

No auth needed

Prerequisites: Vulnerable Joomla installation with exposed com_qpersonel component

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Valentin · textwebappsphp

https://www.exploit-db.com/exploits/12200

View Code ZIP pw:eip

This is a writeup detailing a SQL injection vulnerability in the Joomla QPersonel component. It provides an example URL with a UNION-based SQLi payload to extract database and user information.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla QPersonel component versions XSS security fix from 31.12.2009, 1.02 and before

No auth needed

Prerequisites: access to the vulnerable Joomla component URL

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/39466

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/12200

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/57775

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/63894

Various Sources x_refsource_misc

http://www.xenuser.org/documents/security/qpersonel_sql.txt

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/39445

Scores

EPSS 0.0116

EPSS Percentile 63.0%

Details

CWE

CWE-89

Status published

Products (1)

qproje/com_qpersonel < 1.0.2

Published May 04, 2010

Tracked Since Feb 18, 2026