PT-2018-12602 · Cwjoomla · Cw Article Attachments Free+1

Published: 2018-09-20 · Updated: 2018-11-09 · CVE-2018-14592

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CWJoomla CW Article Attachments PRO extension versions prior to 2.0.7
CW Article Attachments FREE extension versions prior to 1.0.6

Description

The issue allows SQL injection within the "download.php" endpoint. This could potentially lead to unauthorized access to sensitive data.

Recommendations

For CWJoomla CW Article Attachments PRO extension versions prior to 2.0.7, update to version 2.0.7 or later.
For CW Article Attachments FREE extension versions prior to 1.0.6, update to version 1.0.6 or later.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2018-14592

Affected Products

Cw Article Attachments Free
Cw Article Attachments Pro