Joomla OSDownloads 1.7.4 SQL Injection via item view
Description
Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_osdownloads&view=item&id=[SQL] to extract sensitive database information including credentials and configuration data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: = 1.7.4
Patches
Vulnerability mechanics
Root cause
"Missing input sanitization on the `id` parameter allows SQL injection."
Attack vector
An unauthenticated attacker sends a crafted GET request to `index.php` with `option=com_osdownloads&view=item&id=[SQL]`. The `id` parameter is directly interpolated into a SQL query without sanitization, enabling the attacker to execute arbitrary SQL statements [ref_id=1]. This allows extraction of sensitive database contents such as credentials and configuration data.
Affected code
The vulnerable component is the `view=item` handler in the OSDownloads 1.7.4 Joomla component. The `id` parameter passed via GET request is not sanitized before being used in SQL queries, allowing injection of arbitrary SQL commands.
What the fix does
The advisory does not include a patch or vendor fix. To remediate the vulnerability, the `id` parameter must be validated and sanitized (e.g., cast to an integer or passed through a prepared statement) before being used in database queries. Without such input sanitization, the component remains vulnerable to SQL injection.
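As an added example, not OSDownloads code or a vendor patch, the plain PHP below contrasts the unsafe interpolation the advisory describes with the two remediations it names, an integer cast and a prepared statement. It uses an in-memory SQLite table via PDO with constructed rows and a constructed tautology input; only the unsafe query returns every row for that input, the hardened ones return just document 8.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the Joomla database; table and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE documents (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO documents (id, name) VALUES (8, 'public.pdf'), (9, 'internal.pdf')");

// Vulnerable pattern (what the advisory describes): the raw request value becomes query text.
function itemUnsafe(PDO $db, string $id): array
{
    $sql = "SELECT id, name FROM documents WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Remediation 1: cast to integer. A non-numeric value collapses to 0 or to its leading
// digits, so no SQL syntax from the request survives. Joomla's request layer offers the
// same filter as JFactory::getApplication()->input->getInt('id').
function itemIntCast(PDO $db, string $id): array
{
    $sql = 'SELECT id, name FROM documents WHERE id = ' . (int) $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Remediation 2: prepared statement. The value is bound as data and never parsed as SQL.
function itemPrepared(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT id, name FROM documents WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values: a normal id and the same id with a tautology appended.
$benign   = '8';
$injected = '8 OR 1=1';

printf("unsafe/benign:     %d row(s)\n", count(itemUnsafe($db, $benign)));
printf("unsafe/injected:   %d row(s)\n", count(itemUnsafe($db, $injected)));
printf("intcast/injected:  %d row(s)\n", count(itemIntCast($db, $injected)));
printf("prepared/injected: %d row(s)\n", count(itemPrepared($db, $injected)));
```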
Preconditions
- config: The Joomla OSDownloads component version 1.7.4 must be installed and enabled.
- network: The attacker must be able to send HTTP GET requests to the Joomla instance.
- auth: No authentication is required; the attack is unauthenticated.
- input: The attacker controls the `id` GET parameter value.
Reproduction
Send a GET request to `http://localhost/[PATH]/index.php?option=com_osdownloads&view=item&id=[SQL]` where `[SQL]` is a malicious SQL payload such as `8+aND(/*!22200sELeCT*/+0x30783331+/*!22200FrOM*/+(/*!22200SeLeCT*/+cOUNT(*),/*!22200CoNCaT*/((sELEcT(sELECT+/*!22200CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1` [ref_id=1].
Generated on Jun 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.exploit-db.com/exploits/42561 (mitre, exploit)
- www.vulncheck.com/advisories/joomla-osdownloads-sql-injection-via-item-view (mitre, third-party-advisory)
- extensions.joomla.org/extensions/extension/directory-a-documentation/downloads/osdownloads/ (mitre, product)
- joomlashack.com (mitre, product)