PT-2019-9458 · Joomla · Micro Deal Factory

Published

2019-06-19

Updated

2019-06-21

CVE-2018-17386

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Micro Deal Factory version 2.4.0

Description The issue exists due to SQL Injection in the Micro Deal Factory component for Joomla. This can be exploited via the id parameter or the PATH INFO to "mydeals/" or "listdeals/".

Recommendations For Micro Deal Factory version 2.4.0, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the vulnerable component to minimize the risk of exploitation. Avoid using the id parameter in the affected API endpoints until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-17386

Affected Products

Micro Deal Factory

PT-2019-9458 · Joomla · Micro Deal Factory

CVE-2018-17386

Weakness Enumeration

Related Identifiers

Affected Products

References · 4