vendor:
Garys Cookbook
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Garys Cookbook
Affected Version From: 1.1.2001
Affected Version To: 1.1.2001
Patch Exists: NO
Related CWE: N/A
CPE: a:gerald_berger:garyscookbook
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
joomla com_garyscookbook SQL Injection(id)
An attacker can exploit a SQL injection vulnerability in Joomla's com_garyscookbook component to gain access to sensitive information from the application's database. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'id' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information from the application's database.
Mitigation:
Ensure that user-supplied input is properly sanitized before being used in SQL queries.