CVE-2010-4865

JE Guestbook (com_jeguestbook) 1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4865. PoCs published by Salvatore Fresta.

AI-analyzed exploit summary The document describes multiple vulnerabilities in JE Guestbook 1.0, including Local File Inclusion (LFI) and Blind SQL Injection (SQLi). It provides sample exploit URLs but does not include functional exploit code.

Description

SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Salvatore Fresta · textwebappsphp

https://www.exploit-db.com/exploits/15157

View Code ZIP pw:eip

The document describes multiple vulnerabilities in JE Guestbook 1.0, including Local File Inclusion (LFI) and Blind SQL Injection (SQLi). It provides sample exploit URLs but does not include functional exploit code.

Classification

Writeup 100%

Attack Type

Sqli | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: JE Guestbook 1.0

No auth needed

Prerequisites: Joomla with JE Guestbook 1.0 installed

MITRE ATT&CK