Summary
This host is running Joomla with multiple components and is prone to SQL injection vulnerabilities.
Impact
Successful exploitation will allow attackers to manipulate SQL queries by injecting arbitrary SQL code.
Impact Level: Application.
Solution
For a solution or patch, refer to the references section.
For updates refer to http://extensions.joomla.org/extensions/
Insight
For more information about the vulnerability, refer to the references section.
Affected
Joomla Joostina component
Joomla sgicatalog component
Joomla Amblog component version 1.0
Joomla Clantools Component version 1.2.3
Joomla CamelcityDB component version 2.2
Joomla Restaurant Guide component version 1.0.0
Joomla Aardvertiser Component versions 2.1 and 2.1.1
References
- http://packetstormsecurity.org/files/92305/joomlacamelcitydb2-sql.txt
- http://packetstormsecurity.org/files/view/105704/joomlasgicatalog-sql.txt
- http://secunia.com/advisories/40932
- http://secunia.com/advisories/41322
- http://www.exploit-db.com/exploits/14530/
- http://www.exploit-db.com/exploits/14596/
- http://www.exploit-db.com/exploits/14902/
- http://www.exploit-db.com/exploits/15040/
- http://www.exploit-db.com/exploits/15157/
- http://xforce.iss.net/xforce/xfdb/62151
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-4865, CVE-2010-4902, CVE-2010-4927, CVE-2010-4928, CVE-2010-4929, CVE-2010-4937, CVE-2010-4945
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P