vendor:
Simple Review
by:
EcHoLL
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Simple Review
Affected Version From: 1.3.2005
Affected Version To: 1.3.2005
Patch Exists: YES
Related CWE: N/A
CPE: a:rowan_youngson:simple_review
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Mambo CMS
2009
Joomla com_simple_review Sql injection
A SQL injection vulnerability exists in the com_simple_review component of Joomla. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input in the 'category' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to the database and execution of arbitrary SQL commands.
Mitigation:
The vendor has released an update to address this vulnerability. Users are advised to upgrade to the latest version of the application.
