vendor:
InviteX
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: InviteX
Affected Version From: 3.0.5
Affected Version To: 3.0.5
Patch Exists: YES
Related CWE: CVE-2018-6394
CPE: a:techjoomla:invitex:3.0.5
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component InviteX 3.0.5 – SQL Injection
Joomla! Component InviteX 3.0.5 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database, potentially allowing for the retrieval of sensitive data from the database.
Mitigation:
Developers should always sanitize user input and use parameterized queries to prevent SQL injection attacks.