vendor:
D3000
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: D3000
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CWE: N/A
CPE: a:download3000:d3000
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Joomla!
2008
D3000
An attacker can exploit a SQL injection vulnerability in the Download 3000 component for Joomla! to execute arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input to the 'id' parameter of the 'index.php' script when 'task' is set to 'showarticles'. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the context of the affected application. This may allow the attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to dynamically construct SQL queries.