vendor:
Event Manager
by:
Fl0riX
8.8
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Event Manager
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Joomla Component Event Manager Blind SQL Injection Vulnerability
An attacker can exploit this vulnerability to gain access to admin login credentials. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script. An attacker can send a specially crafted HTTP request with malicious SQL statements to the vulnerable script and execute arbitrary SQL commands in the back-end database. This can allow the attacker to access or modify data in the back-end database, or gain access to sensitive information such as admin login credentials.
Mitigation:
Input validation should be performed to ensure that untrusted data is not allowed to be included in the SQL query.
