CVE-2015-2798

CRITICAL

Contact Form Maker 1.0.1 - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2798. PoCs published by TUNISIAN CYBER.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in Joomla Contact Form Maker v1.0.1 by injecting an SQL payload into the 'id' parameter of the URL. This allows an attacker to manipulate the SQL query executed by the application.

Description

SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC

by TUNISIAN CYBER · textwebappsphp

https://www.exploit-db.com/exploits/36561

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in Joomla Contact Form Maker v1.0.1 by injecting an SQL payload into the 'id' parameter of the URL. This allows an attacker to manipulate the SQL query executed by the application.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla Contact Form Maker v1.0.1

No auth needed

Prerequisites: Access to the target Joomla instance with the vulnerable component installed

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/73903

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/36561/

Scores

CVSS v3 9.8

EPSS 0.0100

EPSS Percentile 77.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

web-dorado/contact_form_maker 1.0.1

Published Jul 25, 2017

Tracked Since Feb 18, 2026