vendor: Catalogue Component
by: Unknown
CVSS: 7.5 (HIGH)
Vulnerability type: SQL Injection and Local File Include
CWE: 89
Product Name: Catalogue Component
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE: a:joomla:catalogue_component
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Joomla! Catalogue Component SQL Injection and Local File Include Vulnerabilities

The Joomla! Catalogue Component (com_catalogue) is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. The SQL injection is reachable through the cat_id request parameter, which is used in a database query without being validated as an integer; the local file include is reachable through the controller request parameter, which is used to build the path of a PHP file to load. An attacker can exploit the SQL injection to read or modify data in the application's database, or to exploit latent vulnerabilities in the underlying database server. By supplying directory-traversal strings in the controller parameter, the attacker can cause local files to be included and executed as PHP in the context of the web application, which may disclose sensitive information (configuration, credentials, source code) that aids further attacks.

Mitigation:

The vendor has released a patch to address these vulnerabilities; update to the latest version of the Joomla! Catalogue Component. Independently of the patch, the two inputs should be validated on the server side: cat_id must be treated as an integer (cast it, or bind it as an integer parameter in the query) rather than concatenated into SQL, and controller must be matched against a fixed list of controller names the component actually ships rather than used to build a file path, so that traversal sequences ("../"), absolute paths and null bytes are rejected before any include occurs.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/45090/info

The Joomla! Catalogue Component is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. By using directory-traversal strings to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks. 

http://www.example.com/index.php?option=com_catalogue&Itemid=73&cat_id=[SQLi]

http://www.example.com/index.php?option=com_catalogue&controller=[LFI]
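The two proof-of-concept URLs above give a defender enough to both detect attempts and check the fix. The following Python script is an added example, not code from the original advisory or from the Joomla! component: it parses Apache combined-format access-log lines, picks out requests to option=com_catalogue, and applies the same two rules a patched component should enforce (cat_id must be a plain integer; controller must be one of a known set of controller names). The sample log lines are constructed for this example, and the KNOWN_CONTROLLERS allowlist is a hypothetical set; substitute the controller file names present in your installed version of the component.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Apache combined format). Not from the original page;
# lines 2 and 3 mirror the cat_id SQLi and controller LFI request shapes in the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2010:12:00:01 +0000] "GET /index.php?option=com_catalogue&Itemid=73&cat_id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2010:12:00:02 +0000] "GET /index.php?option=com_catalogue&Itemid=73&cat_id=12%27%20UNION%20SELECT%201,username,password%20FROM%20jos_users--%20- HTTP/1.1" 200 7030 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2010:12:00:03 +0000] "GET /index.php?option=com_catalogue&controller=../../../../etc/passwd%00 HTTP/1.1" 200 1840 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Nov/2010:12:00:04 +0000] "GET /index.php?option=com_catalogue&controller=item HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Nov/2010:12:00:05 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Apache combined log: client IP, timestamp, request line, status. Only the fields we need are captured.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Hypothetical allowlist of controller names the component legitimately dispatches to.
# A patched component would compare the request value against such a list before touching the filesystem.
KNOWN_CONTROLLERS = {"item", "category", "default"}


def is_valid_cat_id(value):
    """cat_id is a database key: accept only a short run of digits, nothing else."""
    return re.fullmatch(r"\d{1,10}", value) is not None


def is_valid_controller(value):
    """controller selects a PHP file: accept only names from the fixed allowlist."""
    return value in KNOWN_CONTROLLERS


def classify_request(path):
    """Return finding tags for one request path; an empty list means nothing suspicious."""
    parts = urlsplit(path)
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get("option", [""])[0] != "com_catalogue":
        return []
    findings = []
    for raw in qs.get("cat_id", []):
        # parse_qs already percent-decoded once; decode again so double-encoded payloads
        # (%2527 -> %27 -> ') are judged on their final form.
        if not is_valid_cat_id(unquote(raw)):
            findings.append("sqli:cat_id")
    for raw in qs.get("controller", []):
        value = unquote(raw)
        if not is_valid_controller(value):
            tag = "lfi:controller"
            # Flag the classic traversal / null-byte-truncation markers separately so
            # an analyst can tell an outright attack from a merely unexpected name.
            if "\x00" in value or ".." in value or "/" in value or "\\" in value:
                tag += ":traversal"
            findings.append(tag)
    return findings


def scan_log(text):
    """Return (ip, path, status, tags) for every log line that triggers a finding."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        tags = classify_request(m.group("path"))
        if tags:
            hits.append((m.group("ip"), m.group("path"), m.group("status"), tags))
    return hits


if __name__ == "__main__":
    for ip, path, status, tags in scan_log(SAMPLE_LOG):
        print(f"{ip} {status} {','.join(tags)} {path}")
```

The validation functions are the interesting part for a code reviewer: the same is_valid_cat_id / is_valid_controller logic, expressed in PHP as an integer cast and an in_array() check against a fixed list, is what closes both holes in the component, regardless of how the vendor's own patch is written. The HTTP status is reported because a 200 on a traversal request is worth more attention than a 404.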