vendor:
NeoReferences
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: NeoReferences
Affected Version From: 1.3.2001
Affected Version To: 1.3.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:neojoomla:neoreferences:1.3.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Joomla SQL Injection (com_neoreferences)
An attacker can exploit a SQL injection vulnerability in the com_neoreferences component of Joomla! to execute arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input to the 'catid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable application. Successful exploitation could result in unauthorized access to sensitive information or allow an attacker to modify data in the back-end database.
Mitigation:
Upgrade to the latest version of Joomla! or apply the patch from the vendor.