n-forms Joomla! and Mambo 'com_n-forms' Component SQL Injection Vulnerability

Bugtraq ID:	30201
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jul 12 2008 12:00AM
Updated:	Nov 10 2008 04:54PM
Credit:	The Moorish, d3b4g
Vulnerable:	Mambo com_n-forms 1.01 Joomla com_n-forms 1.01
Not Vulnerable:

n-forms Joomla! and Mambo 'com_n-forms' Component SQL Injection Vulnerability

The 'n-forms' component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects n-forms 1.01; other versions may also be affected.

n-forms Joomla! and Mambo 'com_n-forms' Component SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following exploits are available:

• /data/vulnerabilities/exploits/30201.pl
• /data/vulnerabilities/exploits/30201_d3b4g.pl

n-forms Joomla! and Mambo 'com_n-forms' Component SQL Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

n-forms Joomla! and Mambo 'com_n-forms' Component SQL Injection Vulnerability

References:

• Joomla! Homepage (Joomla )
  
• Mambo Homepage (Mambo)