Joomla Com_xmap SQL Injection Vulnerability Network Vulnerability

Summary

This host is running Joomla xmap component and is prone to SQL injection vulnerability.

Impact

Successful exploitation will let attackers to manipulate SQL queries by injecting arbitrary SQL code. Impact Level: Application.

Solution

Upgrade to Joomla Xmap component version 1.2.12 or later For updates refer to http://joomlacode.org/gf/project/xmap/frs/?action=FrsReleaseBrowse&frs_package_id=3882

Insight

The flaw is due to input passed via 'view' parameter to 'index.php' is not properly sanitised before being used in a SQL query.

Affected

Joomla Xmap component version 1.2.11

References

http://packetstormsecurity.org/files/view/103010/joomlaxmap1211-sql.txt

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AjaxPortal 'di.php' File Inclusion Vulnerability
AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
Alchemy Eye HTTP Command Execution
Apache Struts2 Redirection and Security Bypass Vulnerabilities

Joomla com_xmap SQL Injection Vulnerability

Take action and discover your vulnerabilities