Posts Tagged ‘iCagenda’

Joomla vulnerability

Affected products: iCagenda 1.x (Component for Joomla!)

Impact: Unauthorized change

Affected versions: Joomla! iCagenda 1.1.4, possibly earlier.

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database.

The vulnerability is caused by insufficient input validation of the “id” parameter in the script index.php (when the parameter “option” is “com_icagenda”, “view” is “list”, and “layout” is “event”). This can be exploited to execute arbitrary SQL commands in the application database.
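For sites still running an affected version, the parameter combination named above can be used as a log-review filter. The following is an added example, not code from the advisory or from iCagenda: it flags requests to that view whose “id” is not well-formed. It assumes combined-format access logs and that a legitimate id is an integer, optionally followed by a Joomla-style ":alias" slug; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate id is an integer, optionally followed by ":alias".
VALID_ID = re.compile(r"\d+(?::[A-Za-z0-9_-]+)?")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined format), not from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2013:10:00:00 +0000] "GET /index.php?option=com_icagenda&view=list&layout=event&id=12 HTTP/1.1" 200 5120
203.0.113.5 - - [01/Jan/2013:10:00:05 +0000] "GET /index.php?option=com_icagenda&view=list&layout=event&id=12:summer-fair HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jan/2013:10:01:00 +0000] "GET /index.php?option=com_icagenda&view=list&layout=event&id=12%27 HTTP/1.1" 500 310
198.51.100.9 - - [01/Jan/2013:10:01:02 +0000] "GET /index.php?layout=event&id=12abc&view=list&option=com_icagenda HTTP/1.1" 200 4800
198.51.100.9 - - [01/Jan/2013:10:01:04 +0000] "GET /index.php?option=com_content&view=article&id=12abc HTTP/1.1" 200 900
"""


def suspicious_requests(log_text):
    """Return (client_ip, decoded id) for requests to the affected view
    (option=com_icagenda, view=list, layout=event) with a malformed id."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("index.php"):
            continue
        # parse_qs URL-decodes values and keeps repeated parameters as lists.
        q = parse_qs(url.query, keep_blank_values=True)
        if ("com_icagenda" not in q.get("option", [])
                or "list" not in q.get("view", [])
                or "event" not in q.get("layout", [])):
            continue
        for value in q.get("id", []):
            if not VALID_ID.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

A hit is a prompt to review that client's other requests, not proof of exploitation; the same well-formedness check belongs in the component itself before the value reaches a query.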