PT-2007-7147 · Open Source Matters · Joomla!

Beenudel1986

Published

2007-12-07

Updated

2018-10-15

CVE-2007-6272

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Joomla! version 1.5 RC3

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through the view parameter to the com content component, the task parameter to the com search component, or the option parameter in a search action to the com search component.

Recommendations For Joomla! version 1.5 RC3, consider updating to a newer version to mitigate the risk of SQL injection attacks. As a temporary workaround, restrict access to the com content and com search components to minimize the risk of exploitation. Avoid using the view, task, and option parameters in the affected components until the issue is resolved.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2007-6272

Affected Products

Joomla!

PT-2007-7147 · Open Source Matters · Joomla!

CVE-2007-6272

Weakness Enumeration

Related Identifiers

Affected Products

References · 8