PT-2010-3571 · Joomla · Online News Paper Manager

Publicado

2010-05-18

Atualizado

2010-05-19

CVE-2010-1950

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Online News Paper Manager (com jnewspaper) version 1.0 for Joomla!

Description The issue allows remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. This is achieved by exploiting the date info parameter to the "index.php" endpoint.

Recommendations For version 1.0, consider disabling the date info parameter in the "index.php" endpoint until a patch is available. Restrict access to the index.php endpoint to minimize the risk of exploitation. Avoid using the date info parameter in the affected endpoint until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2010-1950

Produtos afetados

Online News Paper Manager

PT-2010-3571 · Joomla · Online News Paper Manager

CVE-2010-1950

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3