PT-2016-4512 · Huge It · Huge It Catalog Extension

Larry W. Cashdollar

Published

2016-10-27

Updated

2016-12-22

CVE-2016-1000120

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Huge IT catalog extension version 1.0.4

Description The issue concerns SQL injection (SQLi) and cross-site scripting (XSS) in the Huge IT catalog extension for Joomla. SQLi is a type of attack where an attacker injects malicious SQL code to manipulate the database, while XSS is an attack where an attacker injects malicious code into a website, which is then executed by the user's browser.

Recommendations For version 1.0.4, update to a newer version that addresses these issues, if available. As a temporary workaround, consider restricting access to sensitive database queries and validating user input to minimize the risk of SQLi and XSS exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2016-1000120

Affected Products

Huge It Catalog Extension

PT-2016-4512 · Huge It · Huge It Catalog Extension

CVE-2016-1000120

Weakness Enumeration

Related Identifiers

Affected Products

References · 5