Summary
This host is installed with the Joomla component
CMSJunkie J-ClassifiedsManager and is prone to multiple vulnerabilities (SQL injection and cross-site scripting).
Impact
Successful exploitation will allow remote attackers
to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data, and to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
No solution or patch was available as of
9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.cmsjunkie.com/classifieds-manager
Insight
Multiple errors exist:
- Input passed via the 'view' parameter to the /classifieds script is not validated before being returned to users (reflected cross-site scripting).
- Input passed via the 'id' parameter to the /classifieds/offerring-ads script is not properly sanitized before being used (SQL injection).
Affected
Joomla CMSJunkie J-ClassifiedsManager
Detection
Send crafted data via an HTTP GET request to the affected scripts
and check whether the response shows that the injected SQL was executed (for example a database error or an altered result); compare against a baseline request with a benign value to avoid false positives.
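The following is an added example of how such a detection check can be scripted; it is not the scanner's own NVT code and is not code from CMSJunkie. The script paths (/classifieds, /classifieds/offerring-ads) and parameter names ('view', 'id') are taken from the description above; the probe payloads, the reflection marker, the SQL error patterns and the sample responses are assumptions of this example, constructed so that it runs offline.

```python
"""Probe builder and response checker for the J-ClassifiedsManager issues.

Added example, not the original page's or the vendor's code. Everything
except the two script paths and the two parameter names is an assumption.
"""
import html
import re
import urllib.request
from urllib.parse import urlencode, urlparse

# Assumed: a unique token we expect to see reflected verbatim if 'view' is
# echoed without HTML encoding.
XSS_MARKER = "gr-xss-probe-7f3a"
XSS_PAYLOAD = f"<script>{XSS_MARKER}</script>"

# Assumed: a stray quote breaks an unsanitized numeric 'id' inside a query.
SQLI_PAYLOAD = "1'"

# Assumed: common MySQL/PHP error fragments that leak when a query breaks.
SQL_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax", re.I),
    re.compile(r"mysql_fetch_(array|assoc|row)\(\)", re.I),
    re.compile(r"Warning:.*mysqli?_", re.I),
    re.compile(r"supplied argument is not a valid MySQL", re.I),
]


def build_probes(base_url):
    """Return the two GET URLs to send, keyed by the issue they test."""
    base = base_url.rstrip("/")
    return {
        "xss": f"{base}/classifieds?{urlencode({'view': XSS_PAYLOAD})}",
        "sqli": f"{base}/classifieds/offerring-ads?{urlencode({'id': SQLI_PAYLOAD})}",
    }


def reflects_unescaped(body, payload=XSS_PAYLOAD):
    """True if the payload appears verbatim, i.e. '<' and '>' were not encoded."""
    return payload in body


def shows_sql_error(body, baseline=""):
    """True if an SQL error fragment appears that the baseline page lacks."""
    return any(p.search(body) and not p.search(baseline) for p in SQL_ERROR_PATTERNS)


def assess(responses, baseline_sqli=""):
    """Map probe name -> response body to a findings dict."""
    return {
        "xss": reflects_unescaped(responses.get("xss", "")),
        "sqli": shows_sql_error(responses.get("sqli", ""), baseline_sqli),
    }


def fetch(url, timeout=10):
    """Network fetch for a live run; only http/https targets are accepted."""
    if urlparse(url).scheme not in ("http", "https"):
        raise ValueError("unsupported URL scheme")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed sample responses (not captured from a real site) for an offline run.
VULNERABLE_RESPONSES = {
    "xss": "<html><body><div>Unknown view: " + XSS_PAYLOAD + "</div></body></html>",
    "sqli": "<b>Warning</b>: mysql_fetch_array() expects parameter 1 to be "
            "resource, boolean given in offerring-ads.php on line 42",
}
PATCHED_RESPONSES = {
    "xss": "<html><body><div>Unknown view: " + html.escape(XSS_PAYLOAD) + "</div></body></html>",
    "sqli": "<html><body><h1>Ads</h1><p>No ad with that id.</p></body></html>",
}


if __name__ == "__main__":
    for name, url in build_probes("http://target.example").items():
        print(name, url)
    print("vulnerable sample:", assess(VULNERABLE_RESPONSES))
    print("patched sample:", assess(PATCHED_RESPONSES))
```

For a live check, replace the sample dicts with `{name: fetch(url) for name, url in build_probes(base).items()}` and pass a baseline response (the same script fetched with a benign 'id') to `assess` so that an error banner the site always shows is not counted as a finding.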
References
Severity
Classification
CVE: CVE-2015-1477, CVE-2015-1478
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- A Really Simple Chat Multiple SQL Injection Vulnerabilities
- A-Blog 'sources/search.php' SQL Injection Vulnerability
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
- AdPeeps 'index.php' Multiple Vulnerabilities.