vendor:
JGive
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: JGive
Affected Version From: 2.0.9
Affected Version To: 2.0.9
Patch Exists: YES
Related CWE: CVE-2018-5970
CPE: a:techjoomla:jgive:2.0.9
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component JGive 2.0.9 – SQL Injection
Joomla! Component JGive 2.0.9 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'filter_org_ind_type' and 'campaign_countries' parameters in the 'index.php' and 'more/campaigns-in-pin-display/campaigns/all/search/' scripts, respectively. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Mitigation:
The vendor has released an update to address this vulnerability. Users are advised to update to the latest version.