This host is installed with Joomla component CMSJunkie J-ClassifiedsManager and is prone to multiple vulnerabilities.

Successful exploitation will allow attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data, and also execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Impact Level: Application

No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.cmsjunkie.com/classifieds-manager

Multiple errors exists as, - Input passed via the 'view' parameter to /classifieds script is not validated before returning it to users. - Input passed via the 'id' parameter to /classifieds/offerring-ads script is not properly sanitized before returning it to users.

Joomla CMSJunkie J-ClassifiedsManager

Send a crafted data via HTTP GET request and check whether it is able to execute sql query or not.

• http://osvdb.org/117567
• http://osvdb.org/117568
• http://packetstormsecurity.com/files/130093
• http://www.exploit-db.com/exploits/35911

---

Updated on 2015-03-25