CVE-2016-1000120

Name of the Vulnerable Software and Affected Versions Huge IT catalog extension version 1.0.4

Description The issue concerns SQL injection (SQLi) and cross-site scripting (XSS) in the Huge IT catalog extension for Joomla. SQLi is a type of attack where an attacker injects malicious SQL code to manipulate the database, while XSS is an attack where an attacker injects malicious code into a website, which is then executed by the user's browser.

Recommendations For version 1.0.4, update to a newer version that addresses these issues, if available. As a temporary workaround, consider restricting access to sensitive database queries and validating user input to minimize the risk of SQLi and XSS exploitation.