CVE-2014-7981

Joomla! - SQL Injection

Title source: rule

Description

SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Exploits (1)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/joomla_weblinks_sqli.rb

View Code ZIP pw:eip

References (1)

[Vendor Advisory] http://developer.joomla.org/security/578-20140301-core-sql-injection.html

Scores

EPSS 0.1434

EPSS Percentile 94.4%

Details

CWE

CWE-89

Status published

Products (10)

joomla/joomla\! 3.1.0

joomla/joomla\! 3.1.1

joomla/joomla\! 3.1.2

joomla/joomla\! 3.1.3

joomla/joomla\! 3.1.4

joomla/joomla\! 3.1.5

joomla/joomla\! 3.1.6

joomla/joomla\! 3.2.0

joomla/joomla\! 3.2.1

joomla/joomla\! 3.2.2

Published Oct 08, 2014

Tracked Since Feb 18, 2026