vendor:
JquickContact
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: JquickContact
Affected Version From: 1.3.2.2.1
Affected Version To: 1.3.2.2.1
Patch Exists: NO
Related CWE: CVE-2018-5983
CPE: 2.3:a:joomla:jquickcontact
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component JquickContact 1.3.2.2.1 – SQL Injection
A SQL injection vulnerability exists in Joomla! Component JquickContact 1.3.2.2.1. An attacker can send a malicious HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. The application should also use parameterized queries to prevent SQL injection.