Joomla Third-Party Plugins Multiple Vulnerabilities


Description   (#Several vulnerabilities have been identified in third-party plugins for Joomla:#several SQL injections in the following third-party plugins:#- onisPetitions#- onisQuotes#- onisMusic#- Sponsor Wall#- Vik Booking#- JEmbedAll#- Soccer Bet via the "userid" parameter#- Sports Predictions#- JE Property Finder#- JE Tour#- JE Gallery via the "photo_id" parameter#- JE QuoteForm via the "Itemid" parameter#- JE Directory via the "ditemid" parameter#- JE Video Rate#- JE Auto via the "d_itemid" parameter#- JE auction via the "eid" parameter#- JE Classify Ads via the "pro_id" parameter#- GameServer!#- Fastball#- JE Awd#- Hbooking#- JE Messanger#- JE Portfolio Creator#- JE Grid Folio#- JE Ticket System#- JE Form Creator#- JE K2 Multiple Form Story#- JE Directory Ads#- JE Quiz#- JE Classify Ads#- Music Collection#- JSP Store Locator via the "id" parameter#- JoomBlog#- Spider FAQ Lite#- Spider Calendar Lite#- Spider Catalog Lite#- Spider Facebook#- Groovy Gallery#- Team Display##A cross-site scripting vulnerability in GeoContent.##Proofs of concepts are available.)
     
Vulnerable Products   Vulnerable Software:
Joomla (OSM Development Team) -
     
Solution   No solution for the moment.
     
CVE  
     
References   - cxsecurity : Joomla Component onisPetitions 2.5 - SQL Injection
https://cxsecurity.com/issue/WLB-2017020114
- cxsecurity : Joomla Component onisQuotes 2.5 - SQL Injection
https://cxsecurity.com/issue/WLB-2017020115
- cxsecurity : Joomla Component onisMusic 2 - SQL Injection
https://cxsecurity.com/issue/WLB-2017020116
- cxsecurity : Joomla Component Sponsor Wall 7.0 - SQL Injection
https://cxsecurity.com/issue/WLB-2017020117
- cxsecurity : Joomla Component Vik Booking 1.7 - SQL Injection
https://cxsecurity.com/issue/WLB-2017020118
- exploit-db : Joomla! Component JEmbedAll 1.4 - SQL Injection
https://www.exploit-db.com/exploits/41378
- exploit-db : Joomla! Component Soccer Bet 4.1.5 - 'userid' Parameter SQL Injection
https://www.exploit-db.com/exploits/41328/?rss
- cxsecurity : Joomla Component Sports Predictions 2.1.0.4 - Cross-site scripting
https://cxsecurity.com/issue/WLB-2017020120
- cxsecurity : Joomla Joominaflileselling 2.2 SQL Injection
https://packetstormsecurity.com/files/141031/joomlaflile22-sql.txt
- cxsecurity : Joomla Sports Predictions 2.1.0.4 Cross Site Scripting
https://packetstormsecurity.com/files/141032/joomlasp2104-xss.txt
- exploit-db : Joomla! Component JE Tour 2.0 - SQL Injection
https://www.exploit-db.com/exploits/41335/
- exploit-db : Joomla! Component JE Property Finder 1.6.3 - SQL Injection
https://www.exploit-db.com/exploits/41334/
- exploit-db : Joomla! Component JE Video Rate 1.0 - SQL Injection
https://www.exploit-db.com/exploits/41336/
- exploit-db : Joomla! Component JE Auto 1.5 - 'd_itemid' Parameter SQL Injection
https://www.exploit-db.com/exploits/41338/
- exploit-db : Joomla! Component JE auction 1.6 - 'eid' Parameter SQL Injection
https://www.exploit-db.com/exploits/41337/
- exploit-db : Joomla! Component JE Classify Ads 1.2 - 'pro_id' Parameter SQL Injection
https://www.exploit-db.com/exploits/41330/
- exploit-db : Joomla! Component JE Gallery 1.3 - 'photo_id' Parameter SQL Injection
https://www.exploit-db.com/exploits/41331/
- exploit-db : Joomla! Component JE QuoteForm - 'Itemid' Parameter SQL Injection
https://www.exploit-db.com/exploits/41333/
- exploit-db : Joomla! Component JE Directory 1.7 - 'ditemid' Parameter SQL Injection
https://www.exploit-db.com/exploits/41332/
- cxsecurity : Joomla Component GameServer! 3.4 - SQL Injection
https://cxsecurity.com/issue/WLB-2017020148
- cxsecurity : Joomla Component Fastball 3.2.8 - SQL Injection
https://cxsecurity.com/issue/WLB-2017020147
- cxsecurity : Joomla Component GeoContent 4.5 - Cross-site scripting
https://cxsecurity.com/issue/WLB-2017020146
- cxsecurity : Joomla JE Awd Song 1.8 SQL Injection
https://cxsecurity.com/issue/WLB-2017020142
- cxsecurity : Joomla Hbooking 1.9.9 SQL Injection
https://cxsecurity.com/issue/WLB-2017020141
- cxsecurity : Joomla JE Auto 1.5 SQL Injection
https://cxsecurity.com/issue/WLB-2017020140
- cxsecurity : Joomla JE Auction 1.6 SQL Injection
https://cxsecurity.com/issue/WLB-2017020139
- cxsecurity : Joomla JE Tour 2.0 SQL Injection
https://cxsecurity.com/issue/WLB-2017020138
- cxsecurity : Joomla JE Video Rate 1.0 SQL Injection
https://cxsecurity.com/issue/WLB-2017020137
- cxsecurity : Joomla JE Messanger SQL Injection
https://cxsecurity.com/issue/WLB-2017020126
- cxsecurity : Joomla JE Gallery 1.3 SQL Injection
https://cxsecurity.com/issue/WLB-2017020127
- cxsecurity : Joomla JE Property Finder 1.6.3 SQL Injection
https://cxsecurity.com/issue/WLB-2017020128
- cxsecurity : Joomla JE Portfolio Creator 1.2 SQL Injection
https://cxsecurity.com/issue/WLB-2017020129
- cxsecurity : Joomla JE Grid Folio SQL Injection
https://cxsecurity.com/issue/WLB-2017020130
- cxsecurity : Joomla JE Ticket System 1.2 SQL Injection
https://cxsecurity.com/issue/WLB-2017020131
- cxsecurity : Joomla JE Form Creator 1.8 SQL Injection
https://cxsecurity.com/issue/WLB-2017020132
- cxsecurity : Joomla JE K2 Multiple Form Story 1.3 SQL Injection
https://cxsecurity.com/issue/WLB-2017020133
- cxsecurity : Joomla JE Directory Ads 1.7 SQL Injection
https://cxsecurity.com/issue/WLB-2017020134
- cxsecurity : Joomla JE Quiz 2.3 SQL Injection
https://cxsecurity.com/issue/WLB-2017020135
- cxsecurity : Joomla JE Classify Ads 1.2 SQL Injection
https://cxsecurity.com/issue/WLB-2017020136
- cxsecurity : Joomla Music Collection 3.0.3 SQL Injection
https://packetstormsecurity.com/files/141082/joomlamusiccollection303-sql.txt
- exploit-db : Joomla! Component JSP Store Locator 2.2 - 'id' Parameter SQL Injection
https://www.exploit-db.com/exploits/41368
- exploit-db : Joomla! Component JoomBlog 1.3.1 - SQL Injection
https://www.exploit-db.com/exploits/41362/
- exploit-db : Joomla! Component Spider FAQ Lite 1.3.1 - SQL Injection
https://www.exploit-db.com/exploits/41374/
- exploit-db : Joomla! Component Spider Calendar Lite 3.2.16 - SQL Injection
https://www.exploit-db.com/exploits/41371/
- exploit-db : Joomla! Component Spider Catalog Lite 1.8.10 - SQL Injection
https://www.exploit-db.com/exploits/41372/
- exploit-db : Joomla! Component Spider Facebook 1.6.1 - SQL Injection
https://www.exploit-db.com/exploits/41373/
- exploit-db : Joomla! Component Groovy Gallery 1.0.0 - SQL Injection
https://www.exploit-db.com/exploits/41380/?rss
- exploit-db : Joomla! Component Team Display 1.2.1 - 'filter_category' Parameter SQL Injection
https://www.exploit-db.com/exploits/41379/?rss
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
SQL injection Prevention - GET : block comment delimiters in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
SQL injection Prevention - POST : suspicious UPDATE statement in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data
5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data
5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements
5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data
5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data
5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data
5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
SQL injection Prevention - POST : suspicious OR statement in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
SQL injection Prevention - POST : possible version probing in data
5.0.0
SQL injection Prevention - GET : suspicious SQL keywords in URL
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2017-02-17 

 Target Type 
Client + Server 

 Possible exploit 
Remote