vendor: Joomla
by: Snakespc
CVSS: 7.8 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: Joomla
Affected Version From: Joomla 3.9.0
Affected Version To: Joomla 3.9.20
Patch Exists: YES
Related CWE: CVE-2020-1234
CPE: a:joomla:joomla
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2020
Joomla Component “com_productbook” SQL Injection Vulnerability
This vulnerability allows an attacker to inject SQL into the queries built by the "com_productbook" component of Joomla. The vulnerable parameter is "id": the component places its value in a database query without parameterization or validation, so an attacker who controls that value can alter the query. The payload used in this exploit is "UNION all SELECT 1,2,3,concat(username,0x3a,password,0x3a,email),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58+from+condev.jos_users--", which appends a UNION to the original query and returns usernames, passwords, and emails from the database.
Mitigation:
To mitigate this vulnerability, the application should build its database queries with parameterized (prepared) statements rather than concatenating request values into the SQL text. Additionally, it should validate input so that each value conforms to the type and format the query expects (for "id", an integer) instead of carrying SQL fragments.
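The following is an added example, not code from the Joomla project or from the original advisory, showing the two mitigations side by side against the vulnerable pattern. It is written in Python over an in-memory SQLite database because the point (bind the value as a parameter, and validate its type first) is language-neutral; the table names, column layout, sample rows and the three-column UNION payload are all constructed for the demo and are not taken from the real component.

```python
import re
import sqlite3

# Constructed three-column stand-in for the page's 58-column UNION payload.
# Column counts differ from the real component; the technique is the same.
CONSTRUCTED_PAYLOAD = "1 UNION ALL SELECT username, password, email FROM jos_users"


def build_db():
    """Create a constructed in-memory schema standing in for the component's tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT,
                                password TEXT, email TEXT);
        INSERT INTO products VALUES (1, 'Widget', 9.99), (2, 'Gadget', 19.99);
        INSERT INTO jos_users VALUES (42, 'admin', '$2y$10$fakehash', 'admin@example.com');
        """
    )
    return conn


def lookup_vulnerable(conn, raw_id):
    """Vulnerable pattern: the request value is spliced into the SQL text."""
    sql = "SELECT id, name, price FROM products WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def lookup_bind_only(conn, raw_id):
    """Mitigation 1: bind the value as a parameter; it can only ever be data."""
    sql = "SELECT id, name, price FROM products WHERE id = ?"
    return conn.execute(sql, (raw_id,)).fetchall()


def parse_id(raw_id):
    """Mitigation 2: accept only what an id can legitimately be (a short integer)."""
    if not isinstance(raw_id, str) or not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return None
    return int(raw_id)


def lookup_hardened(conn, raw_id):
    """Both mitigations: reject malformed ids up front, then bind the parsed value."""
    product_id = parse_id(raw_id)
    if product_id is None:
        return []  # caller would return HTTP 400 here
    sql = "SELECT id, name, price FROM products WHERE id = ?"
    return conn.execute(sql, (product_id,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", lookup_vulnerable(db, CONSTRUCTED_PAYLOAD))
    print("bind only: ", lookup_bind_only(db, CONSTRUCTED_PAYLOAD))
    print("hardened:  ", lookup_hardened(db, CONSTRUCTED_PAYLOAD))
```

Binding alone is sufficient to stop the injection: the bound string is compared against the integer column as a literal value and matches nothing. The type check on top of it turns a silently empty result into a clear rejection of the request, which is also the signal a WAF or application log should surface.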