PT-2009-2321 · Open Source Matters · Joomla!

Boom3Rang

Published

2009-07-07

Updated

2017-09-29

CVE-2008-6852

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Joomla! component com ice version 0.5 beta 2

Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the catid parameter in the index.php API endpoint.

Recommendations: For version 0.5 beta 2, consider restricting access to the catid parameter in the index.php endpoint until a patch is available. As a temporary workaround, avoid using the catid parameter to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-6852

Affected Products

Joomla!

PT-2009-2321 · Open Source Matters · Joomla!

CVE-2008-6852

Weakness Enumeration

Related Identifiers

Affected Products

References · 4