PT-2016-4511 · Huge It · Huge It Catalog Extension

Larry W. Cashdollar

Publicado

2016-10-21

Atualizado

2018-05-02

CVE-2016-1000119

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Huge IT catalog extension version 1.0.4

Description The issue concerns SQL injection (SQLi) and cross-site scripting (XSS) in the Huge IT catalog extension for Joomla. SQLi is a type of attack where an attacker injects malicious SQL code to manipulate the database, while XSS is an attack where an attacker injects malicious code into a website, which is then executed by the user's browser.

Recommendations For version 1.0.4, consider disabling the extension until a patch is available to prevent potential SQLi and XSS attacks. Restrict access to sensitive database queries and user input validation to minimize the risk of exploitation.

Exploit

Correção

XSS

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-89

Identificadores relacionados

CVE-2016-1000119

Produtos afetados

Huge It Catalog Extension

PT-2016-4511 · Huge It · Huge It Catalog Extension

CVE-2016-1000119

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5