Description
Several vulnerabilities have been identified in third-party plugins for Joomla:
- AVChat Video Integration Kit: overly permissive permissions on certain files
- CVE-2016-1000125 - Huge-IT Catalog: SQL injection. A remote attacker could exploit it by sending crafted requests that include SQL statements in order to modify or delete entries in some database tables. This vulnerability is located in the "load_more_elements_into_catalog" parameter of the "ajax_url.php" script file.

A proof of concept is available for the vulnerability CVE-2016-1000125.
Vulnerable Products
Vulnerable Software: Joomla (OSM Development Team) -
Solution
No solution for the moment.
CVE
CVE-2016-1000125
References
- exploit-db: Joomla! Component Catalog 1.0.7 - SQL Injection
https://www.exploit-db.com/exploits/40851/
- AVChat Video Chat Integration Kit, File permissions
https://vel.joomla.org/live-vel/1896-avchat-video-chat-integration-kit-file-permissions
Vulnerability Manager Detection
No
IPS Protection