CVE-2014-4960

Joomla! com_youtubegallery <4.1.7 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4960. PoCs published by Pham Van Khanh.

AI-analyzed exploit summary The exploit describes a SQL injection vulnerability in the Joomla component com_youtubegallery, where the 'listid' and 'themeid' parameters are not properly sanitized. The vulnerability allows an attacker to inject malicious SQL queries via the URL parameters.

Description

Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Pham Van Khanh · textwebappsphp
https://www.exploit-db.com/exploits/34087

The exploit describes a SQL injection vulnerability in the Joomla component com_youtubegallery, where the 'listid' and 'themeid' parameters are not properly sanitized. The vulnerability allows an attacker to inject malicious SQL queries via the URL parameters.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Joomla component com_youtubegallery version 4.x (possibly 3.x)
No auth needed
Prerequisites: Access to the vulnerable Joomla component
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68676
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/34087

Scores

EPSS 0.0235
EPSS Percentile 81.6%

Details

CWE
CWE-89
Status published
Products (22)
joomlaboat/com_youtubegallery 3.9.0
joomlaboat/com_youtubegallery 3.9.2
joomlaboat/com_youtubegallery 3.9.3
joomlaboat/com_youtubegallery 3.9.4
joomlaboat/com_youtubegallery 3.9.5
joomlaboat/com_youtubegallery 3.9.6
joomlaboat/com_youtubegallery 3.9.7
joomlaboat/com_youtubegallery 3.9.8
joomlaboat/com_youtubegallery 3.9.9
joomlaboat/com_youtubegallery 4.0.0
... and 12 more
Published Jul 21, 2014
Tracked Since Feb 18, 2026