SQL Injection in Multiple Joostina Components

vendor:

Joostina CMS

by:

Unknown

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Joostina CMS

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

SQL Injection in Multiple Joostina Components

Multiple Joostina components are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the applications, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

It is recommended to sanitize user-supplied input before using it in an SQL query. Implementing parameterized queries or prepared statements can also help prevent SQL injection attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47595/info

Multiple Joostina components are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the applications, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following components are vulnerable:

'com_frontpage' 1.3.0.4_stable
'com_users'

Other components may also be affected. 

http://www.example.com/[Path]/index.php?option=com_users&task=profile&user=11+AND+1=0
http://www.example.com/[Path]/index.php?option=com_frontpage&Itemid=1&limit=4&limitstart=[SQL-Inj3cT-Here]