vendor:
ProductShowcase
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ProductShowcase
Affected Version From: 1.4
Affected Version To: 1.5
Patch Exists: YES
Related CWE: N/A
CPE: a:numacorp:productshowcase
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Joomla Component com_productshowcase SQL Injection
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The attacker can inject arbitrary SQL code in the 'id' parameter of the 'index.php' script. This can be exploited to disclose the application's database content.
Mitigation:
The vendor has released an update to address this vulnerability. Users are advised to upgrade to the latest version.