Joomla J-ClassifiedsManager 3.0.5 SQL Injection
Description
Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch, adType, and citySearch parameters of the displayads component to extract sensitive database information, including the database user, database name, and server version.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: =3.0.5
Patches
Vulnerability mechanics
Root cause
"Missing input sanitization in the displayads component allows SQL injection through the categorySearch, adType, and citySearch POST parameters."
Attack vector
An unauthenticated attacker sends a POST request to `/component/jclassifiedsmanager/` with the `option=com_jclassifiedsmanager&controller=displayads&task=searchAds` parameters. By injecting SQL payloads into the `categorySearch`, `adType`, or `citySearch` fields, the attacker can execute arbitrary SQL statements. The exploit-db proof-of-concept demonstrates extracting the database user, database name, and version via an error-based injection in the `citySearch` parameter, with the extracted values surfacing in the resulting error response [ref_id=1].
Affected code
The vulnerability resides in the `displayads` component of Joomla! J-ClassifiedsManager 3.0.5. The POST parameters `categorySearch`, `adType`, and `citySearch` are not sanitized before being used in SQL queries, allowing injection through the `controller=displayads&task=searchAds` action.
What the fix does
No patch is included in the bundle. The advisory does not provide a fix; the only remediation guidance is implicit from the exploit disclosure. Users should apply input validation or parameterized queries to the `categorySearch`, `adType`, and `citySearch` parameters in the `displayads` controller, or upgrade to a patched version if one becomes available.
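As an added example, not the extension's own code: a hypothetical `searchAds()` handler written against the Joomla 3 database API, first in the string-concatenation pattern the advisory describes and then hardened by type-filtering the three POST parameters and letting the driver quote every literal. The table name `#__jcm_ads` and the column names are assumptions.

```php
<?php
// Added example, not J-ClassifiedsManager's own code: a hypothetical searchAds()
// handler, shown first in the vulnerable pattern the advisory describes and then
// hardened with the Joomla 3 database API. Table/column names are placeholders.
defined('_JEXEC') or die;

// BEFORE: raw POST values are concatenated into the SQL text, so a single quote
// in citySearch terminates the literal and the rest of the input runs as SQL.
function searchAdsVulnerable()
{
    $db   = JFactory::getDbo();
    $city = JFactory::getApplication()->input->post->get('citySearch', '', 'raw');
    $db->setQuery("SELECT * FROM #__jcm_ads WHERE city = '" . $city . "'");
    return $db->loadObjectList();
}

// AFTER: type-filter each parameter and let the driver quote every literal.
function searchAdsHardened()
{
    $db   = JFactory::getDbo();
    $post = JFactory::getApplication()->input->post;
    // 'int' coerces ids; 'string' strips tags/NULs; the cap bounds payload size.
    // Only quote()/quoteName() actually keep the input inside the SQL literal.
    $category = $post->get('categorySearch', 0, 'int');
    $adType   = $post->get('adType', 0, 'int');
    $city     = substr($post->get('citySearch', '', 'string'), 0, 100);
    $keyword  = substr($post->get('searchKeyword', '', 'string'), 0, 100);

    $query = $db->getQuery(true)
        ->select('*')
        ->from($db->quoteName('#__jcm_ads'));
    if ($category > 0) {
        $query->where($db->quoteName('category_id') . ' = ' . (int) $category);
    }
    if ($adType > 0) {
        $query->where($db->quoteName('ad_type') . ' = ' . (int) $adType);
    }
    if ($city !== '') {
        $query->where($db->quoteName('city') . ' = ' . $db->quote($city));
    }
    if ($keyword !== '') {
        // escape(..., true) also escapes % and _ so user wildcards stay literal;
        // quote(..., false) then wraps the value without escaping it twice.
        $like = '%' . $db->escape($keyword, true) . '%';
        $query->where($db->quoteName('title') . ' LIKE ' . $db->quote($like, false));
    }
    $db->setQuery($query);
    return $db->loadObjectList();
}
```

The same quoting applies to any ORDER BY or LIMIT values taken from the request; column names used for sorting should be checked against an allow-list before being passed to `quoteName()`.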
Preconditions
- config: The Joomla! J-ClassifiedsManager 3.0.5 component must be installed and accessible on the target.
- auth: No authentication is required; the attack is performed over HTTP POST to the public-facing component endpoint.
- network: The attacker must be able to send HTTP POST requests to the Joomla instance.
- input: Malicious SQL payloads are injected via the categorySearch, adType, or citySearch POST parameters.
Reproduction
Send a POST request to `http://TARGET/[PATH]/component/jclassifiedsmanager/` with body `searchKeyword=&categorySearch=&adType=&citySearch=1'||(SELECT 'Efe' FROM DUAL WHERE 2=2 AND (SELECT 2 FROM(SELECT COUNT(*),CONCAT(CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(SELECT (ELT(2=2,1))),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'&option=com_jclassifiedsmanager&controller=displayads&task=searchAds&view=displayads`. The server returns a 500 error and the injected SQL extracts database user, name, and version [ref_id=1].
Generated on Jun 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.exploit-db.com/exploits/46231 (MITRE: exploit)
- www.vulncheck.com/advisories/joomla-j-classifiedsmanager-sql-injection (MITRE: third-party advisory)
- cmsjunkie.com (MITRE: product)
- extensions.joomla.org/extensions/extension/ads-a-affiliates/classified-ads/j-classifiedsmanager/ (MITRE: product)