PT-2018-17936 · Joomla · Saxum Astro

Ihsan Sencan

·

Published

2018-02-17

·

Updated

2018-03-02

·

CVE-2018-7180

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Saxum Astro version 4.0.14
Description A SQL Injection issue exists in the Saxum Astro component for Joomla!, which can be exploited via the publicid parameter.
Recommendations For Saxum Astro version 4.0.14, avoid using the publicid parameter in the affected component until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-7180

Affected Products

Saxum Astro