CVE-2009-3661

Name of the Vulnerable Software and Affected Versions Joomla! component DJ-Catalog (com djcatalog) (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the id parameter in a 'showItem' action and the cid parameter in a 'show' action to 'index.php'.

Recommendations For the DJ-Catalog component, consider restricting access to the 'showItem' and 'show' actions in 'index.php' until a fix is available. Avoid using the id and cid parameters in these actions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.