Joomla! Video Gallery component Local File Include and SQL Injection Vulnerabilities
BID:53237
Info
| Bugtraq ID: | 53237 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 24 2012 12:00AM |
| Updated: | Apr 24 2012 12:00AM |
| Credit: | KedAns-Dz |
| Vulnerable: | Joomla Video Gallery 0 |
| Not Vulnerable: | |
Discussion
The Video Gallery component for Joomla! is prone to local file-include and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local files within the context of the affected application. Information harvested may aid in further attacks.
The attacker can exploit the SQL-injection vulnerability to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass the authentication control.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Joomla! Homepage (Joomla!)