vendor:
Magic Deals Web
by:
Ihsan Sencan
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Magic Deals Web
Affected Version From: 1.2.0
Affected Version To: 1.2.0
Patch Exists: YES
Related CWE: N/A
CPE: a:jasonwebdesign:magic_deals_web:1.2.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017
Joomla! Component Magic Deals Web v1.2.0 – SQL Injection
A SQL injection vulnerability exists in Joomla! Component Magic Deals Web v1.2.0. An attacker can exploit this vulnerability to inject malicious SQL queries into the application and gain access to sensitive data. The vulnerability is due to insufficient sanitization of user-supplied input in the 'filterbycats', 'fullordering', 'search_in' and 'q' parameters. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. Successful exploitation of this vulnerability can result in unauthorized access to sensitive data.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized. Additionally, the application should be configured to use the latest version of the Joomla! framework.
