PT-2018-14006 · Joomla · Collection Factory

Ihsan Sencan

Published

2018-09-28

Updated

2018-11-15

CVE-2018-17383

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Joomla! Collection Factory version 4.1.9

Description A SQL Injection issue exists in the Collection Factory component for Joomla!, which can be exploited via the filter order or filter order Dir parameter.

Recommendations For version 4.1.9, avoid using the filter order and filter order Dir parameters in the affected component until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-17383

Affected Products

Collection Factory

PT-2018-14006 · Joomla · Collection Factory

CVE-2018-17383

Weakness Enumeration

Related Identifiers

Affected Products

References · 4