PT-2016-4511 · Huge It · Huge It Catalog Extension

Larry W. Cashdollar


Published 2016-10-21 · Updated 2018-05-02 · CVE-2016-1000119

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Huge IT catalog extension version 1.0.4

Description: The issue concerns SQL injection (SQLi) and cross-site scripting (XSS) in the Huge IT catalog extension for Joomla. SQLi is an attack in which an attacker injects crafted SQL into a query so that the database executes it, allowing data to be read or manipulated; XSS is an attack in which an attacker injects script into a web page so that it is executed by another user's browser.

Recommendations: For version 1.0.4, consider disabling the extension until a patch is available to prevent potential SQLi and XSS attacks. Restrict access to sensitive database queries and validate all user input to minimize the risk of exploitation.

Exploit

Fix

XSS

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2016-1000119

Affected Products

Huge It Catalog Extension