vendor:
com_airmonoblock
by:
Pyske
7.5
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: com_airmonoblock
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Joomla Component com_airmonoblock Blind SQL Injection Vulnerability
A vulnerability exists in the Joomla Component com_airmonoblock, which allows an attacker to inject malicious SQL queries and gain access to admin login credentials. This is done by sending a specially crafted HTTP request to the vulnerable server, containing malicious SQL code in the 'id' parameter. The malicious code is then executed by the server, allowing the attacker to gain access to the admin login credentials.
Mitigation:
Input validation should be used to filter out malicious characters.
