Joomla! Spider Calendar 'com_spidercalendar' Component Multiple SQL Injection Vulnerabilities
BID:69677
Info
Joomla! Spider Calendar 'com_spidercalendar' Component Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 69677 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 08 2014 12:00AM |
| Updated: | Sep 08 2014 12:00AM |
| Credit: | Claudio Viviani |
| Vulnerable: |
Web-Dorado Spider Calendar 3.2.6 |
| Not Vulnerable: | |
Exploit / POC
Joomla! Spider Calendar 'com_spidercalendar' Component Multiple SQL Injection Vulnerabilities
Attackers can use a browser to exploit these issues.
The following example URI and an exploit is available:
http://www.example.com/joomla/index.php?option=com_spidercalendar&calendar_id=1 [SQLi]
Attackers can use a browser to exploit these issues.
The following example URI and an exploit is available:
http://www.example.com/joomla/index.php?option=com_spidercalendar&calendar_id=1 [SQLi]
References
Joomla! Spider Calendar 'com_spidercalendar' Component Multiple SQL Injection Vulnerabilities
References:
References:
- Joomla! Homepage (Joomla!)
- Spider Calendar Homepage (Web-Dorado)