PT-2018-17642 · Open Source Matters+1 · Joomla!+1
Ihsan Sencan
·
Publicado
2018-02-02
·
Atualizado
2018-02-14
·
CVE-2018-6578
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Joomla! JE PayperVideo component version 3.0.0
Description
A SQL Injection issue exists in the JE PayperVideo component for Joomla!, specifically via the
usr plan parameter in a "view=myplans&task=myplans.usersubscriptions" request.Recommendations
For Joomla! JE PayperVideo component version 3.0.0, consider restricting access to the
usr plan parameter in the affected API endpoint until a patch is available. Avoid using the usr plan parameter in the "view=myplans&task=myplans.usersubscriptions" request until the issue is resolved.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Je Paypervideo
Joomla!