Description
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge · textwebappsphp
https://www.exploit-db.com/exploits/39028
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
http://2glux.com/forum/sexypolling/sexy-polling-security-vulnerability-notification-t2026.html
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23193
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/530789/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90519
Scores
EPSS
0.0022
EPSS Percentile
45.0%
Details
CWE
CWE-89
Status
published
Products (14)
2glux/com_sexypolling
0.9.1
2glux/com_sexypolling
0.9.2
2glux/com_sexypolling
0.9.4
2glux/com_sexypolling
0.9.5
2glux/com_sexypolling
0.9.6
2glux/com_sexypolling
0.9.7
2glux/com_sexypolling
1.0.1
2glux/com_sexypolling
1.0.2
2glux/com_sexypolling
1.0.3
2glux/com_sexypolling
1.0.4
... and 4 more
Published
Jan 21, 2014
Tracked Since
Feb 18, 2026