CVE-2011-4570

Takeaweb Com Timereturns - SQL Injection

Title source: rule

Description

SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by kaMtiEz · textwebappsphp

https://www.exploit-db.com/exploits/17944

View Code ZIP pw:eip

References (5)

[Exploit] http://osvdb.org/76268

[Vendor Advisory] http://secunia.com/advisories/46267

[Exploit] http://www.exploit-db.com/exploits/17944

[Exploit] http://www.securityfocus.com/bid/50026

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/70431

Scores

EPSS 0.0030

EPSS Percentile 52.8%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

takeaweb/com_timereturns

Timeline

Published Nov 29, 2011

Tracked Since Feb 18, 2026