vendor:
com_contactinfo
by:
boom3rang
7.5
CVSS
HIGH
SQL-injection
89
CWE
Product Name: com_contactinfo
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Joomla com_contactinfo(catid) SQL-injection vulnerability
A vulnerability exists in Joomla's com_contactinfo module, which allows an attacker to inject arbitrary SQL commands. This is done by manipulating the 'catid' parameter in a malicious SQL query. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords.
Mitigation:
Ensure that user-supplied input is properly validated and filtered before being used in SQL queries.