Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-0158

SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report.

Published

2010-01-06T22:00:12.730

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	joomlabamboo	jb_simpla	*	Yes
Application	joomla	joomla	*	No

References

http://packetstormsecurity.org/1001-exploits/joomlabamboo-sql.txt Exploit ([email protected])
http://www.attrition.org/pipermail/vim/2010-February/002319.html ([email protected])
http://www.attrition.org/pipermail/vim/2010-February/002320.html ([email protected])
http://www.exploit-db.com/exploits/10971 Exploit ([email protected])
http://www.securityfocus.com/bid/37579 Exploit ([email protected])
http://www.vupen.com/english/advisories/2010/0014 Vendor Advisory ([email protected])
http://packetstormsecurity.org/1001-exploits/joomlabamboo-sql.txt Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.attrition.org/pipermail/vim/2010-February/002319.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.attrition.org/pipermail/vim/2010-February/002320.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/10971 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/37579 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0014 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)