PT-2010-2387 · Joomla · Jevents Search Plugin

Publicado

2010-02-12

Atualizado

2010-02-15

CVE-2010-0635

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions JEvents Search plugin versions 1.5 through 1.5.3 for Joomla!

Description The issue allows remote attackers to execute arbitrary SQL commands. This is due to a SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php.

Recommendations For JEvents Search plugin versions 1.5 through 1.5.3, consider disabling the onSearch method in the plgSearchEventsearch class until a patch is available. Restrict access to the eventsearch.php file to minimize the risk of exploitation.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2010-0635

Produtos afetados

Jevents Search Plugin

PT-2010-2387 · Joomla · Jevents Search Plugin

CVE-2010-0635

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4