Description

Joomla! CMS versions 3.1.0 through 3.2.2 are vulnerable to an SQL injection vulnerability if the default data is selected during installation.

Remediation

Upgrade to the latest version of Joomla!.

References

[20140301] - Core - SQL Injection

Related Vulnerabilities

WordPress Plugin WP-AutoYoutube 'index.php' Script SQL Injection (0.1)

WordPress Plugin Pinpoint Booking System-#1 WordPress Booking SQL Injection (2.9.9.2.8)

WordPress Plugin WR ContactForm SQL Injection (1.1.9)

WordPress Plugin FV Flowplayer Video Player SQL Injection (7.5.15.727)

WordPress Plugin Availability Calendar SQL Injection (1.2)

Severity

High

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection