漏洞类别:CGI
漏洞等级: 
漏洞信息
Joomla! is a free open-source content management system written in PHP. It uses object oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support for language internationalization.
The vulnerability exists because of inadequate filtering of request data, which leads to a SQL injection vulnerability.
Affected Versions:
Joomla! versions 3.7.0
QID Detection Logic:
This QID depends on BlindElephant engine to detect the version of the Joomla! installation as active attacks could potentially harm live installations.
漏洞危害
Successful exploitation could allow a remote attacker to manipulate SQL queries by injecting arbitrary SQL code or further exploit latent vulnerabilities in the underlying database.
解决方案
Customers are advised to upgrade to Joomla! 3.7.1 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论