Joomla RSfiles SQL Injection Vulnerabilities Network Vulnerability

Summary

This host is installed with Joomla RSfiles and is prone to sql injection vulnerabilities.

Impact

Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application

Solution

Upgrade to Joomla RSfiles REV 12 or later. For updates refer http://www.rsjoomla.com/joomla-extensions/joomla-download-manager.html

Insight

Input passed via the 'cid' GET parameter to index.php (when 'option' is set to 'com_rsfiles', 'view' is set to 'files', 'layout' is set to 'agreement', and 'tmpl' is set to 'component') is not properly sanitised before being used in a SQL query.

Affected

Joomla RSfiles

References

http://secunia.com/advisories/52668
http://www.exploit-db.com/exploits/24851
http://www.osvdb.com/91448
http://www.securelist.com/en/advisories/52668

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Axis2 Document Type Declaration Processing Security Vulnerability
Atmail Multiple Unspecified Security Vulnerabilities.
ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
AdPeeps 'index.php' Multiple Vulnerabilities.
Artifectx xClassified 'catid' SQL Injection Vulnerability

Take action and discover your vulnerabilities