CVE-2014-7981

Joomla! 3.1.x-3.2.x - SQL Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-7981. Includes Metasploit module auxiliary/gather/joomla_weblinks_sqli.

Description

SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Exploits (1)

metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/joomla_weblinks_sqli.rb

This Metasploit module exploits an unauthenticated SQL injection vulnerability in Joomla versions 3.2.2 and below, allowing arbitrary file reads via the `LOAD_FILE` function if the MySQL user has the necessary permissions. The exploit uses a UNION-based SQL injection to extract file contents from the server.

Classification
Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Joomla <= 3.2.2
No auth needed
Prerequisites: Joomla weblinks-categories component enabled · MySQL user with LOAD_FILE permissions
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0878
EPSS Percentile 94.5%

Details

CWE: CWE-89
Status: published
Products (10)
joomla/joomla\! 3.1.0
joomla/joomla\! 3.1.1
joomla/joomla\! 3.1.2
joomla/joomla\! 3.1.3
joomla/joomla\! 3.1.4
joomla/joomla\! 3.1.5
joomla/joomla\! 3.1.6
joomla/joomla\! 3.2.0
joomla/joomla\! 3.2.1
joomla/joomla\! 3.2.2
Published Oct 08, 2014
Tracked Since Feb 18, 2026