WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-1499)

Description

SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.

Remediation

References

Related Vulnerabilities

Moodle Improper Following of Specification by Caller Vulnerability (CVE-2019-14829)

MySQL NULL Pointer Dereference Vulnerability (CVE-2020-1967)

MySQL CVE-2024-21055 Vulnerability (CVE-2024-21055)

WordPress Plugin Two Factor Authentication Cross-Site Request Forgery (1.3.12)

WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Scripting (3.4.17)

Severity

High

Classification

CVE-2009-1499 CWE-138

Tags

Missing Update Known Vulnerabilities