CVE-2018-8045

HIGH LAB

Joomla! 3.5.0-3.8.5 - SQL Injection in User Notes List View

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8045. PoCs published by luckybool1020.

AI-analyzed exploit summary This PoC exploits a SQL injection vulnerability in Joomla's user notes component (CVE-2018-8045) by injecting a malicious payload into the `filter[category_id]` parameter. It verifies the vulnerability by checking for a specific MD5 hash in the error response.

Description

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.

Exploits (1)

nomisec WORKING POC 4 stars
by luckybool1020 · poc
https://github.com/luckybool1020/CVE-2018-8045

This PoC exploits a SQL injection vulnerability in Joomla's user notes component (CVE-2018-8045) by injecting a malicious payload into the `filter[category_id]` parameter. It verifies the vulnerability by checking for a specific MD5 hash in the error response.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Joomla (versions affected by CVE-2018-8045)
Auth required
Prerequisites: Valid Joomla administrator credentials · Access to the Joomla administrator interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040540
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103402

Scores

CVSS v3 8.8
EPSS 0.2924
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY
Community Lab
docker pull vulhub/joomla:3.7.0

Details

CWE
CWE-89
Status published
Products (1)
joomla/joomla\! 3.5.0 - 3.8.5
Published Mar 15, 2018
Tracked Since Feb 18, 2026