PT-2009-2350 · Open Source Matters+1 · Joomla!+1

Jdc

Publicado

2009-07-30

Atualizado

2017-09-29

CVE-2008-6881

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Joomla! component com livechat version 1.0

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the Live Chat component, specifically via the last parameter to the following API endpoints: "getChat.php", "getChatRoom.php", and "getSavedChatRooms.php".

Recommendations: For version 1.0 of the com livechat component, consider disabling the affected API endpoints "getChat.php", "getChatRoom.php", and "getSavedChatRooms.php" until a patch is available to prevent exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2008-6881

Produtos afetados

Joomla!

Com Livechat

PT-2009-2350 · Open Source Matters+1 · Joomla!+1

CVE-2008-6881

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5