Joomla! Spider Contacts 'index.php' SQL Injection Vulnerability
BID:69757
Info
Joomla! Spider Contacts 'index.php' SQL Injection Vulnerability
| Bugtraq ID: | 69757 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 10 2014 12:00AM |
| Updated: | Sep 10 2014 12:00AM |
| Credit: | Claudio Viviani |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Joomla! Spider Contacts 'index.php' SQL Injection Vulnerability
Spider Contacts for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Spider Contacts 1.3.6 and prior are vulnerable.
Spider Contacts for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Spider Contacts 1.3.6 and prior are vulnerable.
Exploit / POC
Joomla! Spider Contacts 'index.php' SQL Injection Vulnerability
An attacker can exploit this issue using a web browser.
The following exploit code is available:
An attacker can exploit this issue using a web browser.
The following exploit code is available:
Solution / Fix
Joomla! Spider Contacts 'index.php' SQL Injection Vulnerability
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
References
Joomla! Spider Contacts 'index.php' SQL Injection Vulnerability
References:
References: