header-logo
Suggest Exploit
vendor:
Timetable Schedule
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Timetable Schedule
Affected Version From: 3.6.8
Affected Version To: 3.6.8
Patch Exists: YES
Related CWE: CVE-2018-17394
CPE: a:osthemeclub:timetable_schedule
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018

Joomla! Component Timetable Schedule 3.6.8 – SQL Injection

Joomla! Component Timetable Schedule 3.6.8 is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'eid' in the 'index.php' script. This can allow the attacker to gain access to sensitive information from the database.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

# # # # #
# Exploit Title: Joomla! Component Timetable Schedule 3.6.8 - SQL Injection
# Dork: N/A
# Date: 2018-09-24
# Vendor Homepage: http://osthemeclub.com/
# Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/timetable-schedule/
# Version: 3.6.8
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-17394
# # # # #
# Exploit Author: Ihsan Sencan
# # # # #
# 
# POC: 
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_timetableschedule&view=schedule&Itemid=492&eid=[SQL]
# 
# # # #

Navigation

Suggest Exploit

Services By CQR