vendor:
Article Factory Manager
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Article Factory Manager
Affected Version From: 4.3.9
Affected Version To: 4.3.9
Patch Exists: NO
Related CWE: CVE-2018-17380
CPE: a:thephpfactory:article_factory_manager:4.3.9
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component Article Factory Manager 4.3.9 – SQL Injection
A SQL injection vulnerability exists in Joomla! Component Article Factory Manager 4.3.9. An attacker can send a malicious SQL query to the vulnerable parameter 'filter_search' in the 'index.php' script to execute arbitrary SQL commands in the context of the web server.
Mitigation:
Input validation should be used to prevent SQL injection attacks.
