vendor:
JomSocial
by:
Ihsan Sencan
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: JomSocial
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017
Joomla! Component JomSocial – SQL Injection
Login as regular user and inject malicious SQL code in the URL parameters of the vulnerable Joomla! Component JomSocial, such as http://localhost/[PATH]/groups/?IhsanSencan=[SQL], http://localhost/[PATH]/videos/?IhsanSencan=[SQL], http://localhost/[PATH]/events/?IhsanSencan=[SQL].
Mitigation:
Ensure that user input is properly sanitized and validated before being used in SQL queries.
