CVE-2019-12765

CRITICAL

Joomla! 3.9.0-3.9.6 - CSV Injection in com_actionlogs Export


Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12765. PoCs published by i4bdullah.

AI-analyzed exploit summary: This exploit leverages a CSV injection vulnerability in Joomla 3.9.0 to 3.9.6 by registering a user with a malicious payload in the name field. Because the export does not sanitize the field, the payload ends up in the exported CSV and can execute arbitrary commands (e.g., calc.exe) when the file is opened in a spreadsheet application.

Description

An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.

Exploits (1)

exploitdb WORKING POC
by i4bdullah · python · webapps · php
https://www.exploit-db.com/exploits/48198


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Joomla 3.9.0 < 3.9.7
No auth needed
Prerequisites: Access to the Joomla registration page · CSV export functionality enabled
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108736

Scores

CVSS v3 9.8
EPSS 0.1049
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-1236
Status published
Products (1)
joomla/joomla! 3.9.0 - 3.9.6
Published Jun 11, 2019
Tracked Since Feb 18, 2026