Vendor: Component EventList
By: ajann
CVSS: 7.5 HIGH
Remote Blind SQL Injection
CWE: 89
Product Name: Component EventList
Affected Version From: 0.8
Affected Version To: 0.8
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Joomla Component EventList <= 0.8 (did) Remote Blind SQL Injection Vulnerability
Joomla Component EventList version 0.8 and below is vulnerable to remote blind SQL injection. An attacker can inject malicious SQL code through the 'did' parameter in the 'details' function of the 'com_eventlist' module. An example exploit is provided in the text.
Mitigation:
Upgrade to a patched version of the Joomla Component EventList.