vendor:
AlphaContent
by:
cO2 [ Algeria Security Crew ]
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: AlphaContent
Affected Version From: 2.5.2004
Affected Version To: 2.5.2008
Patch Exists: YES
Related CWE: N/A
CPE: a:visualclinic:alphacontent
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Joomla Component com_alphacontent SQL Injection
A vulnerability exists in Joomla Component com_alphacontent versions 2.5.4 and 2.5.8, which allows an attacker to inject arbitrary SQL commands via the 'id' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords.
Mitigation:
Upgrade to the latest version of Joomla Component com_alphacontent.