header-logo
Suggest Exploit
vendor:
Contact Form Maker
by:
TUNISIAN CYBER
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Contact Form Maker
Affected Version From: 1.0.1
Affected Version To: 1.0.1
Patch Exists: N/A
Related CWE: N/A
CPE: a:joomla:contact_form_maker:1.0.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2015

Joomla Contact Form Maker v1.0.1 Component – SQL injection vulnerability

Contact Form Maker v1.0.1 suffers, from an SQL injection vulnerability. Proof of concept: 127.0.0.1/index.php?option=com_contactformmaker&view=contactformmaker&id=SQL_INJECTION_HERE

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
Source

Exploit-DB raw data:

[+]Title: Joomla Contact Form Maker v1.0.1 Component - SQL injection vulnerability
[+]Author: TUNISIAN CYBER
[+]Date: 29/03/2015
[+]Vendor: http://extensions.joomla.org/extensions/extension/contacts-and-feedback/contact-forms/contact-form-maker
[+]Type:WebApp
[+]Risk:High
[+]Overview:
Contact Form Maker v1.0.1 suffers, from an SQL injection vulnerability.
   
[+]Proof Of Concept:
  
127.0.0.1/index.php?option=com_contactformmaker&view=contactformmaker&id=SQL

Navigation

Suggest Exploit

Services By CQR