Joomla JE Poll Component Unspecified Parameter SQL Injection Vulnerability
BID:51229
Info
Joomla JE Poll Component Unspecified Parameter SQL Injection Vulnerability
| Bugtraq ID: | 51229 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-5101 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 02 2012 12:00AM |
| Updated: | Sep 25 2012 04:30PM |
| Credit: | Reported by the vendor |
| Vulnerable: |
Joomla JE Poll 1.0 |
| Not Vulnerable: |
Joomla JE Poll 1.1 |
Discussion
Joomla JE Poll Component Unspecified Parameter SQL Injection Vulnerability
The Joomla! JE Poll component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Joomla JE Poll versions prior to 1.1 are affected.
The Joomla! JE Poll component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Joomla JE Poll versions prior to 1.1 are affected.
Exploit / POC
Joomla JE Poll Component Unspecified Parameter SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
References
Joomla JE Poll Component Unspecified Parameter SQL Injection Vulnerability
References:
References:
- JE Poll Homepage (JE Poll)
- Joomla Hompage (Joomla)