PT-2019-7511 · Open Source Matters+1 · Joomla!+1

Published

2019-02-04

Updated

2019-02-22

CVE-2016-1000271

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DT Register versions prior to 3.1.12 (Joomla 3.x) DT Register versions prior to 2.8.18 (Joomla 2.5)

Description The issue concerns an SQL injection in the "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events" endpoint. This attack is exploitable if the attacker can reach the web server.

Recommendations For DT Register versions prior to 3.1.12 (Joomla 3.x), update to version 3.1.12 or later. For DT Register versions prior to 2.8.18 (Joomla 2.5), update to version 2.8.18 or later. As a temporary workaround, consider restricting access to the "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events" endpoint until a patch is applied.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2016-1000271

Affected Products

Dt Register

Joomla!

PT-2019-7511 · Open Source Matters+1 · Joomla!+1

CVE-2016-1000271

Weakness Enumeration

Related Identifiers

Affected Products

References · 3