This host is running Joomla with Jomdirectory and/or Advert components and is prone to SQL injection vulnerabilities.

Successful exploitation will let attackers to manipulate SQL queries by injecting arbitrary SQL code. Impact Level: Application.

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

The flaws are due to an, - Input passed via the 'type' parameter to 'index.php' (when option is set to com_jomdirectory) is not properly sanitised before being used in a SQL query. - Input passed via the 'id', 'n_id' and 'Itemid' parameters to 'index.php' (when option is set to com_advert) is properly sanitised before being used in a SQL query.

Joomla Advert component Joomla Jomdirectory component