Vendor: Joomla com_ccinvoices
By: Fl0riX ~ Bug Researchers
CVSS: 8.8 (HIGH)
Type: SQL injection
CWE: 89
Product Name: Joomla com_ccinvoices
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Joomla Component ccinvoices SQL Injection Vulnerability
An unauthenticated attacker can exploit a SQL injection vulnerability in the Joomla com_ccinvoices component to gain access to admin login credentials. The vulnerability exists in the index.php file, where user-supplied input passed via the 'id' parameter is not properly sanitized before being used in a SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.
Mitigation:
Validate and sanitize user-supplied input before it is used in a SQL query.
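The mitigation above, sketched as an added example (not code from the component or from the advisory's author): the 'id' value is validated as a positive integer and then passed to the query as a bound parameter, so it is never concatenated into the SQL text. The `invoices` table, its columns, and the function names are assumptions made for the illustration; the component's real schema is not given on this page.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the component's database (not the real schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, customer TEXT)');
$db->exec("INSERT INTO invoices (id, customer) VALUES (1, 'Alice'), (2, 'Bob')");

/** Accept only a positive decimal integer; anything else is rejected. */
function parse_invoice_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // e.g. id[]=1 arrives as an array
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one invoice; the id reaches SQL only as a bound integer. */
function fetch_invoice(PDO $db, mixed $rawId): ?array
{
    $id = parse_invoice_id($rawId);
    if ($id === null) {
        return null; // reject before building any query
    }
    $stmt = $db->prepare('SELECT id, customer FROM invoices WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values: one valid id and several malformed ones.
foreach (['2', '2 OR 1=1', "2'", '-1', ['1']] as $raw) {
    $row = fetch_invoice($db, $raw);
    printf("%-12s => %s\n", json_encode($raw), $row ? $row['customer'] : 'rejected');
}
```

Validation alone narrows what is accepted; the bound parameter is what keeps the value out of the SQL grammar, so the two are used together here.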