Summary
This host is running Joomla RSfiles and is prone to SQL injection vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
Upgrade to Joomla RSfiles REV 12 or later.
For updates, refer to http://www.rsjoomla.com/joomla-extensions/joomla-download-manager.html
Insight
Input passed via the 'cid' GET parameter to index.php (when 'option' is set to 'com_rsfiles', 'view' is set to 'files', 'layout' is set to 'agreement', and 'tmpl' is set to 'component') is not properly sanitised before being used in a SQL query.
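Detection logic for the request described above, added here as an example and not part of the original advisory or the RSfiles code: it flags access-log entries that hit this route with a 'cid' that is not a plain decimal integer. The combined log format, the function names, the sample lines and the premise that a legitimate 'cid' is an integer id are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Route named in the advisory: all four pairs must be present to match.
ROUTE = {"option": "com_rsfiles", "view": "files",
         "layout": "agreement", "tmpl": "component"}

# Assumed common/combined log format: request target sits in the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")

def suspicious_cid(log_line):
    """Return the decoded cid value if the line hits the advisory's route
    with a cid that is not a plain decimal integer, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("index.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    for key, expected in ROUTE.items():
        if expected not in params.get(key, []):
            return None
    # Assumption: a legitimate cid is an integer id. The array spelling
    # cid[] is checked too in case the component accepts it.
    for value in params.get("cid", []) + params.get("cid[]", []):
        if not INTEGER_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_cid) for every flagged line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_cid(line)) is not None]

# Constructed sample lines (documentation IP ranges), not real traffic.
BASE = "option=com_rsfiles&view=files&layout=agreement&tmpl=component"
SAMPLE_LOG = [
    f'192.0.2.10 - - [12/Mar/2013:10:01:22 +0000] "GET /index.php?{BASE}&cid=12 HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [12/Mar/2013:10:02:05 +0000] "GET /index.php?{BASE}&cid=12%27 HTTP/1.1" 500 310',
    '198.51.100.7 - - [12/Mar/2013:10:02:09 +0000] "GET /index.php?option=com_content&view=article&id=3%27 HTTP/1.1" 200 900',
    '192.0.2.44 - - [12/Mar/2013:10:03:40 +0000] "GET /site/index.php?tmpl=component&layout=agreement&cid=-1&view=files&option=com_rsfiles HTTP/1.1" 200 4800',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer cid {value!r}")
```

A hit only shows that a non-integer value reached the route, so it is a lead for review on hosts not yet upgraded rather than proof of exploitation.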
Affected
Joomla RSfiles
Severity
CVSS Base Score: 7.5
CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P