CVE-2010-4795

JS Calendar (com_jscalendar) 1.5.1-1.5.4 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4795. PoCs published by Salvatore Fresta.

AI-analyzed exploit summary The document details SQL injection and XSS vulnerabilities in JS Calendar 1.5.1 for Joomla, providing technical analysis and sample exploit URLs. It lacks functional exploit code but includes specific technical details about the vulnerabilities.

Description

SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Salvatore Fresta · textwebappsphp

https://www.exploit-db.com/exploits/15224

View Code ZIP pw:eip

The document details SQL injection and XSS vulnerabilities in JS Calendar 1.5.1 for Joomla, providing technical analysis and sample exploit URLs. It lacks functional exploit code but includes specific technical details about the vulnerabilities.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: JS Calendar 1.5.1 Joomla Component

No auth needed

Prerequisites: Access to the vulnerable Joomla component

MITRE ATT&CK