CVE-2016-10114

CRITICAL

aWeb Cart Watching System <2.6.1 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-10114. PoCs published by qemm.

AI-analyzed exploit summary: This exploit demonstrates a time-based blind SQL injection vulnerability in Joomla's VirtueMart component with aweb-cartwatching-system <= 2.6.0. The PoC uses a crafted URL with a SLEEP function to confirm the vulnerability.

Description

SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.

Exploits (1)

exploitdb · WORKING POC
by qemm · text · webapps · php
https://www.exploit-db.com/exploits/40973

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: aweb-cartwatching-system <= 2.6.0
No auth needed
Prerequisites: Joomla with VirtueMart and aweb-cartwatching-system <= 2.6.0 installed
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95293
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40973/

Scores

CVSS v3: 9.8
EPSS: 0.0055
EPSS Percentile: 68.5%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1): awebsupport/aweb_cart_watching_system_for_virtuemart 2.6.0
Published: Jan 04, 2017
Tracked Since: Feb 18, 2026