vendor:
JomEstate PRO
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: JomEstate PRO
Affected Version From: 3.7 and below
Affected Version To: 3.7
Patch Exists: YES
Related CWE: CVE-2018-6368
CPE: a:comdev:jomestate_pro
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component JomEstate PRO <= 3.7 - SQL Injection
Joomla! Component JomEstate PRO version 3.7 and below is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'index.php' page. This can allow the attacker to access sensitive information from the database.
Mitigation:
Developers should ensure that user input is properly sanitized and validated before being used in SQL queries.