CVE-2016-10114

CRITICAL

aWeb Cart Watching System <2.6.1 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.

Exploits (1)

exploitdb WORKING POC

by qemm · textwebappsphp

https://www.exploit-db.com/exploits/40973

View Code ZIP pw:eip

References (4)

[Various Sources] https://github.com/qemm/joomlasqli

[Third Party Advisory] https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95293

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40973/

Scores

CVSS v3 9.8

EPSS 0.0055

EPSS Percentile 68.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

awebsupport/aweb_cart_watching_system_for_virtuemart 2.6.0

Published Jan 04, 2017

Tracked Since Feb 18, 2026