CVE-2010-1873

com_jvehicles 1.0, 2.0, and 2.1111 - SQL Injection via aid Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-1873. PoCs published by Don Tukulesto, Chip d3 bi0s.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in the Joomla component Jvehicles. It provides a proof-of-concept URL demonstrating the vulnerability but does not include executable exploit code.

Description

SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Don Tukulesto · textwebappsphp

https://www.exploit-db.com/exploits/12190

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in the Joomla component Jvehicles. It provides a proof-of-concept URL demonstrating the vulnerability but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla Component Jvehicles 1.0 and 2.0

No auth needed

Prerequisites: Access to the vulnerable Joomla component URL

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Chip d3 bi0s · textwebappsphp

https://www.exploit-db.com/exploits/11997

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in the Joomla component Jvehicles 1.0. The vulnerability allows an attacker to read arbitrary files on the server by manipulating the 'controller' parameter in the URL.

Classification

Working Poc 90%