vendor:
Nice Talk
by:
ajann
7.5
CVSS
HIGH
Remote Blind SQL Injection
89
CWE
Product Name: Nice Talk
Affected Version From: 2000.9.3
Affected Version To: 2000.9.3
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Joomla Component Nice Talk <= 0.9.3 (tagid) Remote Blind SQL Injection Vulnerability
This exploit allows an attacker to perform a blind SQL injection attack in the Joomla Component Nice Talk version 0.9.3 or earlier. By injecting malicious SQL code into the 'tagid' parameter of the component, an attacker can retrieve sensitive information from the database.
Mitigation:
To mitigate this vulnerability, it is recommended to update to the latest version of Joomla Component Nice Talk.