vendor:
Smart Shoutbox
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Smart Shoutbox
Affected Version From: 3.0.0
Affected Version To: 3.0.0
Patch Exists: YES
Related CWE: CVE-2018-5975
CPE: a:thekrotek:smart_shoutbox:3.0.0
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component Smart Shoutbox 3.0.0 – SQL Injection
A SQL injection vulnerability exists in Joomla! Component Smart Shoutbox 3.0.0. An attacker can send a malicious SQL query to the vulnerable parameter 'shoutauthor' in the 'archive' page of the component. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Mitigation:
The vendor has released an update to address this vulnerability. Users are advised to update to the latest version of the component.
