PT-2018-17643 · Joomla · Jextn Reverse Auction

Ihsan Sencan +1 · Published 2018-02-02 · Updated 2018-02-14 · CVE-2018-6579

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

JEXTN Reverse Auction version 3.1.0

Description

A SQL Injection issue exists in the JEXTN Reverse Auction component for Joomla. This issue can be exploited via a request to the view=products&uid= endpoint, where the uid parameter is vulnerable to injection.

Recommendations

For JEXTN Reverse Auction version 3.1.0, consider disabling the view=products endpoint or restricting access to it until a patch is available. Avoid using the uid parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2018-6579

Affected Products

Jextn Reverse Auction