CVE-2014-0794

JV Comment (com_jvcomment) < 3.0.3 - Authenticated SQL Injection via id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0794. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary This advisory details a SQL injection vulnerability (CVE-2014-0794) in the JV Comment Joomla Extension, specifically in the 'id' HTTP POST parameter. The provided PoC demonstrates how an authenticated attacker can exploit this to execute arbitrary SQL commands, such as retrieving the MySQL database version.

Description

SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.

Exploits (1)

exploitdb WRITEUP
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/31175

This advisory details a SQL injection vulnerability (CVE-2014-0794) in the JV Comment Joomla Extension, specifically in the 'id' HTTP POST parameter. The provided PoC demonstrates how an authenticated attacker can exploit this to execute arbitrary SQL commands, such as retrieving the MySQL database version.

Classification
Writeup 100%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: JV Comment Joomla Extension 3.0.2 and prior
Auth required
Prerequisites: Authenticated access to the Joomla application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64661
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90532
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/530872/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/101960
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/31175
Vendor Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23195

Scores

EPSS 0.0139
EPSS Percentile 69.0%

Details

CWE
CWE-79
Status published
Products (1)
joomla/com_jvcomment 3.0.2
Published Jan 26, 2014
Tracked Since Feb 18, 2026