• Joomla API Improper Access Checks
    Disclosure Date: 2023-02-01
    First seen: 2023-09-11
    auxiliary/scanner/http/joomla_api_improper_access_checks
    Joomla versions between 4.0.0 and 4.2.7, inclusive, contain an improper API access vulnerability. This vulnerability allows unauthenticated users access to webservice endpoints which contain sensitive information. Specifically for this module we exploit the users and config/application endpoints. This module was tested against Joomla 4.2.7 running on Docker. Authors: - h00die - Tianji Lab
  • Joomla Component Fields SQLi Remote Code Execution
    Disclosure Date: 2017-05-17
    First seen: 2020-04-26
    exploit/unix/webapp/joomla_comfields_sqli_rce
    This module exploits a SQL injection vulnerability in the com_fields component, which was introduced to the core of Joomla in version 3.7.0. Authors: - Mateus Lino - luisco100 <luisco100@gmail.com>
  • WordPress PHPMailer Host Header Command Injection
    Disclosure Date: 2017-05-03
    First seen: 2020-04-26
    exploit/unix/webapp/wp_phpmailer_host_header
    This module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely. Authors: - Dawid Golunski - wvu <wvu@metasploit.com>
  • PHPMailer Sendmail Argument Injection
    Disclosure Date: 2016-12-26
    First seen: 2020-04-26
    exploit/multi/http/phpmailer_arg_injection
    PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This module writes a payload to the web root of the webserver before then executing it with an HTTP request. The user running PHPMailer must have write access to the specified WEB_ROOT directory and successful exploitation can take a few minutes. Authors: - Dawid Golunski - Spencer McIntyre
  • Joomla Account Creation and Privilege Escalation
    Disclosure Date: 2016-10-25
    First seen: 2020-04-26
    auxiliary/admin/http/joomla_registration_privesc
    This module creates an arbitrary account with administrative privileges in Joomla versions 3.4.4 through 3.6.3. If an email server is configured in Joomla, an email will be sent to activate the account (the account is disabled by default). Authors: - Fabio Pires <fp@integrity.pt> - Filipe Reis <fr@integrity.pt> - Vitor Oliveira <vo@integrity.pt>
  • Joomla HTTP Header Unauthenticated Remote Code Execution
    Disclosure Date: 2015-12-14
    First seen: 2020-04-26
    exploit/multi/http/joomla_http_header_rce
    Joomla suffers from an unauthenticated remote code execution vulnerability that affects all versions from 1.5.0 to 3.4.5. Because user-supplied headers are stored in the database's session table, it's possible to truncate the input by sending a UTF-8 character. The custom created payload is then executed once the session is read from the database. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13. In later versions the deserialisation of invalid session data stops on the first error and the exploit will not work. The PHP patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and 5.3.10-1ubuntu3.20 and in Debian in version 5.4.45-0+deb7u1. Authors: - Marc-Alexandre Montpas - Christian Mehlmauer <FireFart@gmail.com>
  • Joomla Content History SQLi Remote Code Execution
    Disclosure Date: 2015-10-23
    First seen: 2020-04-26
    exploit/unix/webapp/joomla_contenthistory_sqli_rce
    This module exploits a SQL injection vulnerability found in Joomla versions 3.2 up to 3.4.4. The vulnerability exists in the Content History administrator component in the core of Joomla. Triggering the SQL injection makes it possible to retrieve active Super User sessions. The cookie can be used to log in to the Joomla administrator backend. By creating a new template file containing our payload, remote code execution is made possible. Authors: - Asaf Orpani - xistence <xistence@0x90.nl>
  • Joomla com_contenthistory Error-Based SQL Injection
    Disclosure Date: 2015-10-22
    First seen: 2020-04-26
    auxiliary/gather/joomla_contenthistory_sqli
    This module exploits a SQL injection vulnerability in Joomla versions 3.2 through 3.4.4 in order to enumerate usernames and password hashes. Authors: - Asaf Orpani - bperry - Nixawk
  • Joomla Akeeba Kickstart Unserialize Remote Code Execution
    Disclosure Date: 2014-09-29
    First seen: 2020-04-26
    exploit/unix/webapp/joomla_akeeba_unserialize
    This module exploits a vulnerability found in Joomla! through 2.5.25, 3.2.5 and earlier 3.x versions and 3.3.0 through 3.3.4 versions. The vulnerability affects the Akeeba component, which is responsible for Joomla! updates. It is worth noting, however, that this vulnerability is only exploitable during the update of the Joomla! CMS. Authors: - Johannes Dahse - us3r777 <us3r777@n0b0.so>
  • Joomla Media Manager File Upload Vulnerability
    Disclosure Date: 2013-08-01
    First seen: 2020-04-26
    exploit/unix/webapp/joomla_media_upload_exec
    This module exploits a vulnerability found in Joomla 2.5.x up to 2.5.13, as well as 3.x up to 3.1.4 versions. The vulnerability exists in the Media Manager component, which comes by default in Joomla, allowing arbitrary file uploads, and results in arbitrary code execution. The module has been tested successfully on Joomla 2.5.13 and 3.1.4 on Ubuntu 10.04. Note: If public access isn't allowed to the Media Manager, you will need to supply a valid username and password (Editor role or higher) for the module to work properly. Authors: - Jens Hinrichsen - juan vazquez <juan.vazquez@metasploit.com>
10 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit the Metasploit web site for more details.