SNS Vulnerability

Joomla Third-Party Plugins Multiple SQL Injection Vulnerabilities

Description

(#Several SQL injections have been identified in the following third-party plugins:#- Store For K2#- MultiTier#- UserExtranet#- JaJobBoard#- Intranet Attendance Track#- Community Quiz#- Wisroyq#- JO Facebook Gallery#- JooDatabase#- Community Polls#- Sgpprojects#- Digistore#- Profiler#- Community Surveys#- AJAX Search For K2#- Glossary#- Civicrm#- GPS Tools#- jumi#- remository#- k2#- onlinejudge#- fsf#- publication#- rsgallery#- OneVote!#- Gnosis#- Appointments for JomSocial#- My MSG#- Spinner#- JomSocial.##Proofs of concepts are available.)

Vulnerable Products

Vulnerable Software:
Joomla (OSM Development Team) -

Solution

No solution for the moment.

CVE

References

- PacketStorm : Store For K2 3.8.2 SQL Injection
https://packetstormsecurity.com/files/141262/joomlastorefork2382-sql.txt
- PacketStorm : MultiTier 3.1 SQL Injection
https://packetstormsecurity.com/files/141258/joomlamultitier31-sql.txt
- PacketStorm : UserExtranet 1.3.1 SQL Injection
https://packetstormsecurity.com/files/141259/joomlauserextranet131-sql.txt
- PacketStorm : JaJobBoard 1.5 SQL Injection
https://packetstormsecurity.com/files/141292/joomlajajobboard15-sql.txt
- 0day.today : Intranet Attendance Track 2.6.5 Component - SQL Injection Vulnerability
http://0day.today/exploit/27125
- PacketStorm : Community Quiz 4.3.5 SQL Injection
https://packetstormsecurity.com/files/141312/joomlacommunityquiz435-sql.txt
- PacketStorm : Wisroyq 1.6 SQL Injection
https://packetstormsecurity.com/files/141310/joomlawisroyq-sql.txt
- PacketStorm : JO Facebook Gallery 4.5 SQL Injection
https://packetstormsecurity.com/files/141308/joomlajofbgallery45-sql.txt
- PacketStorm : JooDatabase 3.1.0 SQL Injection
https://packetstormsecurity.com/files/141309/joomlajoodatabase310-sql.txt
- PacketStorm : Community Polls 4.5.0 SQL Injection
https://packetstormsecurity.com/files/141316/joomlacommunitypolls450-sql.txt
- PacketStorm : Sgpprojects 3.1 SQL Injection
https://packetstormsecurity.com/files/141317/joomlasgpprojects31-sql.txt
- PacketStorm : Digistore 1.5 / 1.6 SQL Injection
https://packetstormsecurity.com/files/141306/joomladigistore1516-sql.txt
- PacketStorm : Profiler 1.4 SQL Injection
https://packetstormsecurity.com/files/141314/joomlaprofiler14-sql.txt
- PacketStorm : Community Surveys 4.3 SQL Injection
https://packetstormsecurity.com/files/141319/joomlacommunitysurveys43-sql.txt
- PacketStorm : AJAX Search For K2 2.2 SQL Injection
https://packetstormsecurity.com/files/141305/joomlaajaxsearchk222-sql.txt
- PacketStorm : Glossary 1.6 SQL Injection
https://packetstormsecurity.com/files/141318/joomlaglossary16-sql.txt
- PacketStorm : Civicrm 1.6 SQL Injection
https://packetstormsecurity.com/files/141315/joomlacivicrm16-sql.txt
- PacketStorm : GPS Tools 4.0.1 SQL Injection
https://packetstormsecurity.com/files/141313/joomlagpstools401-sql.txt
- CXSecurity : com_jumi - SQL Injection Exploit
https://cxsecurity.com/issue/WLB-2017020252
- CXSecurity : com_remository Component 'id' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020260
- CXSecurity : com_k2 Component 'id' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020259
- CXSecurity : com_onlinejudge Component - 'Itemid' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020258
- CXSecurity : com_fsf Component 'catid' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020257
- CXSecurity : com_publication Component 'sid' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020256
- Vulnerability-Lab : com_rsgallery2 v1.6 - SQL Injection Vulnerability
https://www.vulnerability-lab.com/get_content.php?id=2039
- 0day.today : OneVote! 1.0 Component - SQL Injection Vulnerability
http://0day.today/exploit/27141
- 0day.today : Gnosis 1.1.2 Component - id Parameter SQL Injection Vulnerability
http://0day.today/exploit/27140
- 0day.today : Appointments for JomSocial 3.8.1 Component - SQL Injection Vulnerability
http://0day.today/exploit/27139
- 0day.today : My MSG 3.2.1 Component - SQL Injection Vulnerability
http://0day.today/exploit/27138
- 0day.today : Spinner 360 1.3.0 Component - SQL Injection Vulnerability
http://0day.today/exploits/27137
- 0day.today : JomSocial Component - SQL Injection Vulnerability
http://0day.today/exploit/27136

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
SQL injection Prevention - GET : suspicious OR statement in URL	3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL	3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL	3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL	3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL	3.2.0
SQL injection Prevention - GET : possible database version probing	3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL	3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL	3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL	3.2.0
SQL injection Prevention - GET : block comment delimiters in URL	3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data	5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL	5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data	5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements	5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data	5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data	5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement	5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data	5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data	5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data	5.0.0
SQL injection Prevention - POST : suspicious OR statement in data	5.0.0
SQL injection Prevention - POST : possible version probing in data	5.0.0
SQL injection Prevention - GET : suspicious SQL keywords in URL	5.0.0

Risk level

Moderate

Vulnerability First Public Report Date

2017-02-23

Target Type

Client

Possible exploit

Remote