PT-2009-4688 · Joomla · Casino Videopoker+2

Byalbayx

Published

2009-06-27

Updated

2017-09-19

CVE-2009-2239

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions casinobase (com casinobase) version 0.3.1 casino blackjack (com casino blackjack) version 0.3.1 casino videopoker (com casino videopoker) version 0.3.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the Itemid parameter to "index.php".

Recommendations For casinobase (com casinobase) version 0.3.1, avoid using the Itemid parameter in the "index.php" endpoint until the issue is resolved. For casino blackjack (com casino blackjack) version 0.3.1, avoid using the Itemid parameter in the "index.php" endpoint until the issue is resolved. For casino videopoker (com casino videopoker) version 0.3.1, avoid using the Itemid parameter in the "index.php" endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2009-2239

Affected Products

Casino Blackjack

Casino Videopoker

Casinobase

PT-2009-4688 · Joomla · Casino Videopoker+2

CVE-2009-2239

Weakness Enumeration

Related Identifiers

Affected Products

References · 5