vendor:
com_catalogproduction
by:
boom3rang
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: com_catalogproduction
Affected Version From: Joomla & Mambo
Affected Version To: Joomla & Mambo
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Joomla & Mambo com_catalogproduction (id) SQL injection vulnerability!
A SQL injection vulnerability exists in Joomla & Mambo com_catalogproduction module. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerable parameter is the 'id' parameter which is passed to the 'index.php' script. An attacker can inject malicious SQL code into the 'id' parameter and execute it in the backend database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.