PT-2018-17512 · Open Source Matters+1 · Joomla!+1
Ihsan Sencan
·
Publicado
2018-02-17
·
Atualizado
2018-03-05
·
CVE-2018-6372
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Joomla! JB Bus version 2.3
Description
A SQL Injection issue exists in the JB Bus component for Joomla!, which can be exploited via the
order number parameter.Recommendations
For Joomla! JB Bus version 2.3, consider restricting access to the vulnerable component until a patch is available. Avoid using the
order number parameter in the affected API endpoint until the issue is resolved.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jb Bus
Joomla!