Joomla 'Teams' Component SQL Injection Vulnerability Network Vulnerability

Summary

This host is running Joomla with Teams component and is prone to SQL injection vulnerability.

Impact

Successful exploitation will let attackers to manipulate SQL queries by injecting arbitrary SQL code. Impact Level: Application.

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

Input passed via the 'PlayerID' parameter to 'index.php' is not properly sanitised before being used in SQL queries.

Affected

Joomla Team Component version 1_1028_100809_1711

References

http://secunia.com/advisories/40933
http://www.exploit-db.com/exploits/14598/
http://www.securityfocus.com/archive/1/archive/1/512974/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4941
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
aflog Cookie-Based Authentication Bypass Vulnerability
AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
A Really Simple Chat Multiple SQL Injection Vulnerabilities
artmedic_links5 File Inclusion Vulnerability

Take action and discover your vulnerabilities