SQL-injection in the Joomla! Spider Catalog

Posted: November 9, 2012 in Vulnerabilities

Vulnerability: SQL-injection in the Joomla! Spider Catalog

Danger: medium
Number of vulnerabilities: 1

Impact: Unauthorized change

Affected products: Spider Catalog 1.x (component for Joomla!)

Affected versions: Joomla! Spider Catalog 1.1, maybe earlier

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database.

The vulnerability is caused by insufficient validation of the “product_id” parameter in the script index.php (when the “option” parameter is “com_spidercatalog”). This can be exploited to execute arbitrary SQL commands in the application database.

Manufacturer URL: http://www.web-dorado.com/products/joomla-catalog.html

Solution: No fix is available at present.
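
With no fix available, requests that reach the affected parameter can at least be reviewed in the web server logs. The following is an added example, not code from this advisory or from the vendor: it flags requests with “option” set to “com_spidercatalog” whose “product_id” is not a plain integer. It assumes that “product_id” is meant to be a numeric identifier and that the log uses the common/combined access-log format; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined format); not from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Nov/2012:10:00:01 +0000] '
    '"GET /index.php?option=com_spidercatalog&product_id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Nov/2012:10:00:05 +0000] '
    '"GET /index.php?option=com_spidercatalog&product_id=12%27 HTTP/1.1" 500 310',
    '203.0.113.5 - - [09/Nov/2012:10:00:09 +0000] '
    '"GET /index.php?option=com_content&product_id=abc HTTP/1.1" 200 2048',
    '198.51.100.9 - - [09/Nov/2012:10:00:12 +0000] '
    '"GET /index.php?option=com_spidercatalog&product_id= HTTP/1.1" 200 900',
]

# Request line inside the quoted field of an access-log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate product_id is a short run of decimal digits.
STRICT_INT = re.compile(r'[0-9]{1,10}')


def bad_product_ids(target):
    """Return the non-integer product_id values of a Spider Catalog request."""
    # parse_qs percent-decodes values, so encoded characters are checked too.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_spidercatalog" not in query.get("option", []):
        return []  # a different component handles this request
    # A repeated parameter yields several values; every one must be an integer.
    return [v for v in query.get("product_id", []) if not STRICT_INT.fullmatch(v)]


def scan(lines):
    """Return (client_ip, bad_values) for every log line that fails the check."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        bad = bad_product_ids(match.group(1))
        if bad:
            hits.append((line.split()[0], bad))
    return hits


if __name__ == "__main__":
    for client, values in scan(SAMPLE_LOG):
        print(client, values)
```

Only the query string is visible in an access log, so a “product_id” sent in a POST body is not covered by this check.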

Links:

http://www.exploit-db.com/exploits/22403/
