CVE-2008-2701

Vulnerability

The GameQ component (com_gameq) for Joomla! versions 4.0 and earlier contains a SQL injection vulnerability in the category_id parameter when processing a page action in index.php. The parameter is not sanitized before being used in SQL queries, allowing an attacker to inject arbitrary SQL commands.

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by sending a crafted HTTP request to the Joomla! instance. The request must include the option=com_gameq, task=page, and a malicious category_id parameter. The provided proof-of-concept demonstrates a UNION-based injection that extracts data from the jos_users table, such as usernames and password hashes [1].

Impact

Successful exploitation allows the attacker to execute arbitrary SQL commands, leading to information disclosure. The example in the reference shows retrieval of user credentials (username and password hash) from the Joomla! user table, which could be used for further compromise.

Mitigation

No official fix or patched version is documented in the available references. Users should disable the GameQ component if not required, or apply input validation and parameterized queries to mitigate the risk. The component may be obsolete or unsupported.