Joomla! YouTube Gallery Component 'gallery.php' SQL Injection Vulnerability Network Vulnerability

Summary

This host is installed with Joomla! YouTube Gallery Component and is prone to sql injection vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary SQL statements on the vulnerable system, which may leads to access or modify data in the underlying database. Impact Level: Application

Solution

Upgrade to version 4.1.9 or higher, For updates refer to http://www.joomlaboat.com/youtube-gallery

Insight

Flaw is due to the /com_youtubegallery/models/gallery.php script not properly sanitizing user-supplied input to the 'listid' and 'themeid' parameters.

Affected

Joomla! YouTube Gallery Component version 4.1.7, Prior versions may also be affected.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.com/109195
http://packetstormsecurity.com/files/127497
http://www.exploit-db.com/exploits/34087

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-4960
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
Allegro RomPager `Misfortune Cookie` Vulnerability
3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
Apple Safari RSS Feed Information Disclosure Vulnerability
Adobe ColdFusion Information Disclosure Vulnerability

Take action and discover your vulnerabilities