CVE-2014-0794
JV Comment (com_jvcomment) < 3.0.3 - Authenticated SQL Injection via id Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-0794. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary
This advisory details a SQL injection vulnerability (CVE-2014-0794) in the JV Comment Joomla Extension, specifically in the 'id' HTTP POST parameter. The provided PoC demonstrates how an authenticated attacker can exploit this to execute arbitrary SQL commands, such as retrieving the MySQL database version.
Description
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.