CVE-2010-5044

Joomla! com_searchlog 3.1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-5044. PoCs published by XroGuE, d0lc3.

AI-analyzed exploit summary This exploit demonstrates a remote code execution vulnerability in Sphider 1.3.x due to improper input validation in the 'language' parameter in settings/conf.php. The vulnerability allows arbitrary command execution via a crafted GET request.

Description

SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC

by XroGuE · textwebappsphp

https://www.exploit-db.com/exploits/13745

View Code ZIP pw:eip

This exploit demonstrates a remote code execution vulnerability in Sphider 1.3.x due to improper input validation in the 'language' parameter in settings/conf.php. The vulnerability allows arbitrary command execution via a crafted GET request.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Sphider 1.3.x

No auth needed

Prerequisites: Target must have Sphider 1.3.x installed with exposed settings/conf.php

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by d0lc3 · textwebappsphp

https://www.exploit-db.com/exploits/13746

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Joomla's com_searchlog component, specifically in the 'search' parameter. The PoC provides a clear example of how to inject malicious SQL queries via a POST request to exploit unsanitized input.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla com_searchlog component 3.1.0

Auth required

Prerequisites: Access to the Joomla administrator panel · Valid authentication credentials

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/59152

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1363

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/65185

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/40588

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40055

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/13746/

Scores

EPSS 0.0098

EPSS Percentile 57.7%

Details

CWE

CWE-89

Status published

Products (1)

kanich/com_searchlog 3.1.0

Published Nov 02, 2011

Tracked Since Feb 18, 2026