Joomla! Component Sponsor Wall 8.0 SQL Injection
Description
Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_sponsorwall&task=click&wallid parameter containing SQL injection payloads to extract sensitive database information including credentials and configuration data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: = 8.0
Patches
Vulnerability mechanics
Root cause
"Missing input validation and sanitization of the wallid parameter allows SQL injection."
Attack vector
An unauthenticated attacker sends a crafted GET request to the Joomla! instance, targeting `index.php` with `option=com_sponsorwall&task=click` and injecting SQL commands into the `wallid` parameter [ref_id=1]. The payload uses obfuscation techniques such as `/*!11100sELeCT*/` to bypass simple filters and extract database information. By exploiting this SQL injection, the attacker can retrieve sensitive data including database credentials and configuration from the underlying MySQL server.
Affected code
The vulnerability resides in the `wallid` parameter of the `com_sponsorwall` component in Joomla! Sponsor Wall 8.0. The `index.php?option=com_sponsorwall&task=click&wallid=` endpoint does not sanitize or validate user-supplied input before passing it to SQL queries.
What the fix does
The advisory does not include a published patch. To remediate the vulnerability, the application must properly sanitize and parameterize the `wallid` input before using it in SQL queries. Developers should implement prepared statements or parameterized queries to prevent malicious SQL from being interpreted as commands.
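As an added illustration (not the component's own source code), a hypothetical Joomla! 3.x `click` task handler shown in its vulnerable form beside a hardened one; the table name `#__sponsorwall_hypothetical` and its columns are assumptions.

```php
<?php
// Hypothetical Joomla! 3.x handler, added here for illustration only.
// Table and column names are assumptions, not the component's schema.
defined('_JEXEC') or die;

// Vulnerable pattern: the raw wallid string is concatenated into the SQL
// text, so input such as "86 AND (SELECT ...)" becomes part of the query.
function clickVulnerable()
{
    $db     = JFactory::getDbo();
    $wallid = JFactory::getApplication()->input->getString('wallid');

    $db->setQuery(
        'UPDATE #__sponsorwall_hypothetical SET clicks = clicks + 1 WHERE id = ' . $wallid
    );
    $db->execute();
}

// Hardened pattern: wallid is coerced to an integer at the input boundary,
// rejected when out of range, and the query is assembled with the database
// API's quoting helpers, so the value can never be parsed as SQL.
function clickHardened()
{
    $app    = JFactory::getApplication();
    $db     = JFactory::getDbo();
    $wallid = $app->input->getInt('wallid', 0);   // non-numeric input becomes 0

    if ($wallid <= 0) {
        throw new InvalidArgumentException('Invalid wallid', 400);
    }

    $query = $db->getQuery(true)
        ->update($db->quoteName('#__sponsorwall_hypothetical'))
        ->set($db->quoteName('clicks') . ' = ' . $db->quoteName('clicks') . ' + 1')
        ->where($db->quoteName('id') . ' = ' . (int) $wallid);

    $db->setQuery($query);
    $db->execute();
}
```

The integer cast is the decisive control here: a numeric identifier that is validated as an integer leaves no string context into which comment-wrapped keywords like `/*!11100sELeCT*/` can be smuggled, regardless of what a request filter does or does not catch.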
Preconditions
- config: The Joomla! instance must have the Sponsor Wall 8.0 component installed and enabled.
- network: The attacker must be able to send HTTP GET requests to the vulnerable endpoint.
- auth: No authentication is required; the attack is unauthenticated.
- input: The attacker must craft a SQL injection payload in the wallid parameter.
Reproduction
Send a GET request to `http://localhost/[PATH]/index.php?option=com_sponsorwall&task=click&wallid=[SQL]` where `[SQL]` is a malicious SQL payload such as `86+aND(/*!11100sELeCT*/+0x30783331+/*!11100FrOM*/+(/*!11100SeLeCT*/+cOUNT(*),/*!11100CoNCaT*/((sELEcT(sELECT+/*!11100CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1` [ref_id=1].
Generated on Jun 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.exploit-db.com/exploits/42525 (mitre; exploit)
- www.vulncheck.com/advisories/joomla-component-sponsor-wall-sql-injection (mitre; third-party-advisory)
- pulseextensions.com (mitre; product)
- extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/sponsor-wall/ (mitre; product)