漏洞类别:CGI
漏洞等级: 
漏洞信息
Joomla! is a free open-source content management system written in PHP. It uses object oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support for language internationalization. Huge-IT Video Gallery is a Joomla! video gallery component.
The vulnerability exists in the components/com_videogallerylite/ajax_url.php source file that fails to sanitize user supplied input received via the load_videos_content argument. An unauthenticated, remote attacker could exploit this vulnerability by transmitting crafted HTTP GET requests to inject malicious SQL code in a targeted Joomla! installation.
Affected versions:
Joomla Huge-IT Video Gallery (com_videogallerylite) component 3.3.6
漏洞危害
Successful exploitation allows an unauthenticated, remote attacker to manipulate SQL queries by injecting arbitrary SQL code or further exploit latent vulnerabilities in the underlying database.
解决方案
The vendor has not confirmed this vulnerability.
Workaround:
Although the vendor has not confirmed this vulnerability, updated version is available, which may fix the vulnerability. Customers are advised to install the updated version.
0day
文章评论