Affected products: iCagenda 1.x (Component for Joomla!)
Impact: Unauthorized change
Affected versions: Joomla! iCagenda 1.1.4, possibly earlier.
Description:
The vulnerability allows a remote user to execute arbitrary SQL commands in the application database.
The vulnerability is caused by insufficient validation of the “id” parameter in the script index.php (when the parameter “option” is “com_icagenda”, “view” is “list”, and “layout” is “event”).
Manufacturer URL: http://www.joomlic.com/en/extensions/icagenda
Solution: No fix for the vulnerability is available at present.
Links:
http://packetstormsecurity.org/files/116151/Joomla-ICAgenda-SQL-Injection-Path-Disclosure.html
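With no fix available, requests that reach the affected parameter can at least be spotted in web server logs. The script below is an added example, not part of the original advisory or of iCagenda: it flags requests that match the option/view/layout combination described above and carry an "id" that is not a plain integer. The combined log format, the rule that a legitimate "id" is a decimal integer, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter combination named in the advisory.
AFFECTED = {"option": "com_icagenda", "view": "list", "layout": "event"}

# Assumption: a legitimate "id" value is a plain decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")

# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Sep/2012:10:00:00 +0000] "GET /index.php?'
    'option=com_icagenda&view=list&layout=event&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Sep/2012:10:00:05 +0000] "GET /index.php?'
    'option=com_icagenda&view=list&layout=event&id=12%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [01/Sep/2012:10:00:09 +0000] "GET /index.php?'
    'option=com_content&view=article&id=3%27 HTTP/1.1" 200 900',
]


def is_suspicious(url):
    """Return True if url targets the affected view with a non-integer id."""
    parts = urlsplit(url)
    if not parts.path.endswith("index.php"):
        return False
    # parse_qs percent-decodes values, so encoded characters are checked too.
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, expected in AFFECTED.items():
        if expected not in [v.lower() for v in params.get(name, [])]:
            return False
    # Every supplied id must be an integer; repeated ids are all checked.
    return any(VALID_ID.fullmatch(v) is None for v in params.get("id", []))


def scan_log(lines):
    """Return (line_number, url) for each log line that should be reviewed."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match and is_suspicious(match.group(1)):
            hits.append((number, match.group(1)))
    return hits


if __name__ == "__main__":
    for number, url in scan_log(SAMPLE_LOG):
        print(f"line {number}: {url}")
```

The same integer-only rule can be enforced in front of the application as a request filter until the component itself is fixed.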