PT-2009-6238 · Joomla · Com If Nexus

Published

2009-11-24

Updated

2017-08-17

CVE-2009-4057

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions com if nexus version 1.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the id parameter in an item action to "index.php".

Recommendations For version 1.1, consider restricting access to the id parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the id parameter in the affected endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2009-4057

Affected Products

Com If Nexus

PT-2009-6238 · Joomla · Com If Nexus

CVE-2009-4057

Weakness Enumeration

Related Identifiers

Affected Products

References · 7