vendor: Flash Magazine Deluxe
by: TurkGuvenligi
CVSS: 9 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Flash Magazine Deluxe
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Joomla Component Flash Magazine Deluxe Remote SQL Injection
A vulnerability in Joomla Component Flash Magazine Deluxe allows an attacker to inject malicious SQL commands into the application. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'mag_id' parameter of the 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the context of the application. This can allow the attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and compromise the underlying system.
Mitigation:
The vendor has released an update to address this vulnerability. Users are advised to upgrade to the latest version of the application.
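
To check whether the 'mag_id' parameter was probed before the update was applied, web server access logs can be reviewed for requests to 'index.php' whose 'mag_id' value is not a plain integer. The script below is an added example, not code from the vendor or the original advisory. It assumes combined-format access logs and that 'mag_id' is a numeric identifier; the log lines, the 'option=com_example' value and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample lines in combined log format; not taken from a real system.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php?option=com_example&mag_id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:01:09 +0000] "GET /index.php?option=com_example&mag_id=7%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:01:11 +0000] "GET /index.php?option=com_example&mag_id=7%2520x HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2024:10:02:40 +0000] "GET /index.php?mag_id=3&mag_id=x HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:10:03:00 +0000] "GET /images/logo.png?mag_id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Client IP, request target and status code from one access-log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
# Assumption: a legitimate mag_id is a short decimal integer.
INT_RE = re.compile(r"\d{1,10}")

def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding so double-encoded values are still inspected."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_mag_ids(log_text):
    """Return {client_ip: [(status, decoded_value), ...]} for non-integer mag_id values."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if not url.path.lower().endswith("index.php"):
            continue
        # keep_blank_values catches "mag_id="; every repeated mag_id is checked.
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == "mag_id":
                value = fully_decode(raw)
                if not INT_RE.fullmatch(value):
                    hits[ip].append((status, value))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in suspicious_mag_ids(SAMPLE_LOG).items():
        print(ip, events)
```

Only the query string is examined, because standard access logs do not record POST bodies. A 500 status next to a flagged value is worth prioritising, since it can indicate the input reached the database layer.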