Joomla! YouTube Gallery Component 'gallery.php' SQL Injection Vulnerability

Summary
This host is installed with Joomla! YouTube Gallery Component and is prone to sql injection vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary SQL statements on the vulnerable system, which may leads to access or modify data in the underlying database. Impact Level: Application
Solution
Upgrade to version 4.1.9 or higher, For updates refer to http://www.joomlaboat.com/youtube-gallery
Insight
Flaw is due to the /com_youtubegallery/models/gallery.php script not properly sanitizing user-supplied input to the 'listid' and 'themeid' parameters.
Affected
Joomla! YouTube Gallery Component version 4.1.7, Prior versions may also be affected.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References