Vendor: com_publisher component
By: s0nk3y
CVSS: 7,5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: com_publisher component
Affected Version From: All
Affected Version To: All
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 16.04
Year: 2016

Joomla com_publisher component SQL Injection vulnerability

Publisher Pro is the ultimate publishing platform for Joomla, turning your site into a professional news portal or a magazine that people want to read!

The Itemid parameter is vulnerable to SQL injection:

http://server/index.php?option=com_publisher&view=issues&Itemid=[SQLI]&lang=en

Mitigation:

Upgrade to the latest version of the Joomla com_publisher component.
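
Until the upgrade is in place, web server logs can be checked for com_publisher requests whose Itemid is not a plain integer. The following is an added example, not code from the advisory or from the component; it assumes Itemid should be a numeric menu item ID (as it normally is in Joomla) and combined-format access logs, and the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Jun/2016:10:00:01 +0000] "GET /index.php?option=com_publisher&view=issues&Itemid=101&lang=en HTTP/1.1" 200 5120
203.0.113.9 - - [21/Jun/2016:10:00:07 +0000] "GET /index.php?option=com_publisher&view=issues&Itemid=101%27&lang=en HTTP/1.1" 500 312
203.0.113.9 - - [21/Jun/2016:10:00:09 +0000] "GET /index.php?option=com_content&view=article&Itemid=abc HTTP/1.1" 200 2048
203.0.113.7 - - [21/Jun/2016:10:00:12 +0000] "GET /index.php?Itemid=7&Itemid=7%20x&option=com_publisher HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
ITEMID_RE = re.compile(r"\d{1,10}")  # assumption: Itemid is a short decimal integer

def is_valid_itemid(value):
    """True only if the decoded value is entirely digits (empty is rejected)."""
    return ITEMID_RE.fullmatch(value) is not None

def suspicious_requests(log_text):
    """Return (line number, client IP, bad Itemid values) for com_publisher hits."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # parse_qs percent-decodes values and keeps every repeated parameter,
        # so an encoded or duplicated Itemid cannot slip past the check.
        params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        if "com_publisher" not in params.get("option", []):
            continue
        # Flag any Itemid occurrence that is not a plain integer.
        bad = [v for v in params.get("Itemid", []) if not is_valid_itemid(v)]
        if bad:
            hits.append((lineno, line.split()[0], bad))
    return hits

if __name__ == "__main__":
    for lineno, client, values in suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent non-numeric Itemid {values!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check covers query-string requests only.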

Exploit-DB raw data:

# Exploit Title: Joomla com_publisher component SQL Injection vulnerability
# Exploit Author: s0nk3y
# Date: 21-06-2016
# Software Link: http://extensions.joomla.org/extension/publisher-pro
# Category: webapps
# Version: All
# Tested on: Ubuntu 16.04

1. Description
Publisher Pro is the ultimate publishing platform for Joomla, turning your
site into a professional news portal or a magazine that people want to read!

2. Proof of Concept

Itemid Parameter Vulnerable To SQL Injection

http://server/index.php?option=com_publisher&view=issues&Itemid=[SQLI]&lang=en