vendor:
mygallery Joomla Component ( farbinform_krell)
by:
MANAS58 BAYBORA
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: mygallery Joomla Component ( farbinform_krell)
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
mygallery Joomla Component ( farbinform_krell)
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'cid' parameter of the 'viewcategory' component. A remote attacker can send a specially crafted request to the vulnerable component and execute arbitrary SQL commands in application's database. This can allow the attacker to steal sensitive data from the database, modify existing data, execute administration operations, etc.
Mitigation:
Input validation should be used to prevent SQL injection attacks. The application should also use stored procedures and parameterized queries to prevent SQL injection.