vendor:
Fastball
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Fastball
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: YES
Related CWE: CVE-2018-6373
CPE: a:fastballproductions:fastball:2.5
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component Fastball 2.5 – SQL Injection
Joomla! Component Fastball 2.5 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL code to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.
Mitigation:
Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.