vendor:
Timetable Schedule
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Timetable Schedule
Affected Version From: 3.6.8
Affected Version To: 3.6.8
Patch Exists: YES
Related CWE: CVE-2018-17394
CPE: a:osthemeclub:timetable_schedule
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
Joomla! Component Timetable Schedule 3.6.8 – SQL Injection
Joomla! Component Timetable Schedule 3.6.8 is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'eid' in the 'index.php' script. This can allow the attacker to gain access to sensitive information from the database.
Mitigation:
Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.
