vendor: CCBoard
by: Unknown
CVSS: 7.5 HIGH
SQL Injection, Arbitrary File Upload
CWE: 89, 434
Product Name: CCBoard
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: No
Related CWE:
CPE: a:joomla:ccboard
Platforms Tested: Unknown
Unknown
Joomla CCBoard SQL Injection and Arbitrary File Upload Vulnerabilities
Joomla CCBoard is prone to an SQL-injection vulnerability and an arbitrary-file-upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mitigation:
Update to the latest version of Joomla CCBoard. Sanitize user-supplied data before using it in SQL queries. Restrict file uploads to trusted file types and validate file contents.