
SQL-injection in Spider Catalog
Vulnerability: SQL-injection in the Joomla! Spider Catalog
Danger: Medium
Number of vulnerabilities: 1
Impact: Unauthorized change
Affected products: Spider Catalog 1.x (component for Joomla!)
Affected versions: Joomla! Spider Catalog 1.1, possibly earlier
Description:
The vulnerability allows a remote user to execute arbitrary SQL commands in the application database.
The vulnerability is caused by insufficient validation of the “product_id” parameter passed to the script index.php when the “option” parameter is “com_spidercatalog”.
Manufacturer URL: http://www.web-dorado.com/products/joomla-catalog.html
Solution: No fix for the vulnerability is available at present.
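
With no fix available, one defensive check is to review web server access logs for requests to the component whose “product_id” is not a plain integer. The Python script below is an added example, not code from this advisory or from the vendor; it assumes Apache combined log format and that legitimate “product_id” values are decimal integers, and its log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_spidercatalog&product_id=12 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?option=com_spidercatalog&product_id=12%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?option=com_content&id=7%27 HTTP/1.1" 200 4001 "-" "Mozilla/5.0"
192.0.2.11 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?product_id=12abc&option=com_spidercatalog HTTP/1.1" 200 9800 "-" "Mozilla/5.0"
192.0.2.13 - - [01/Jan/2024:10:00:20 +0000] "POST /index.php?option=com_spidercatalog HTTP/1.1" 200 100 "-" "curl/8.0"
"""

# Captures: client, timestamp, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Assumption: a legitimate product_id is a plain decimal integer.
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_requests(log_text):
    """Return (client, timestamp, decoded product_id, status) for each request
    to com_spidercatalog whose product_id is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, when, _method, target, status = m.groups()
        # parse_qs percent-decodes values, so encoded characters are caught
        # and the order of parameters in the URL does not matter.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_spidercatalog" not in query.get("option", []):
            continue
        # Check every occurrence: a repeated parameter can hide a bad value.
        for value in query.get("product_id", []):
            if not INTEGER_RE.fullmatch(value):
                hits.append((client, when, value, int(status)))
    return hits


if __name__ == "__main__":
    # Limitation: parameters sent in a POST body are not in the access log.
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule can be enforced at a reverse proxy or web application firewall in front of the site until the component is patched or removed.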