SNS Vulnerability

Joomla Third-Party Plugins Multiple Vulnerabilities

Description

(#Several vulnerabilities have been identified in third-party plugins for Joomla:#- Carocci: SQL injection triggerable via the "isbn" parameter#- Kide: SQL injection triggerable via the "view" parameter#- Eventlist: SQL injection triggerable via the "id" parameter#- Product: SQL injection triggerable via the "main_proid" parameter#- ALFContact: SQL injection#- Akeeba Backup: directory traversal triggerable via the POST "action" parameter#- FLEXIcontent: security bypass#- Joomloc-lite: SQL injection.##Proofs of concept are available.)

Vulnerable Products

Vulnerable Software:
Joomla (OSM Development Team) -

Solution

- Joomloc-lite: 1.4.1.

CVE

References

- Bugtraq : Joomla com_carocci Component - 'isbn' Parameter Sql Injection Vulnerability
http://seclists.org/bugtraq/2017/Mar/48
- Bugtraq : Joomla com_kide Component - 'view' Parameter Sql Injection Vulnerability
http://seclists.org/bugtraq/2017/Mar/47
- Bugtraq : Joomla com_eventlist Component - 'id' Parameter Sql Injection Vulnerability
http://seclists.org/bugtraq/2017/Mar/46
- CXSecurity : Joomla com_product 2.2 SQL injection Vulnerability
https://cxsecurity.com/issue/WLB-2017030101
- PacketStormSecurity : Joomla ALFContact 3.2.3 SQL Injection
https://packetstormsecurity.com/files/141605/joomlaalfcontact323-sql.txt
- Joomla : Canonical Url,4.1.1,SQL Injection
https://vel.joomla.org/live-vel/1933-canonical-url-4-1-1-sql-injection
- CXSecurity : Joomla Component Akeeba Backup 5.2.5 - Directory Traversal
https://cxsecurity.com/issue/WLB-2017030072
- oss-sec : CVE Request: Joomla! FLEXIcontent - Incorrect Authorization (Authorization Bypass)
http://seclists.org/oss-sec/2017/q1/577
- Joomla : Joomloc-lite by joomloc.fr,1.3.3,SQL Injection
https://vel.joomla.org/live-vel/1947-joomloc-lite-by-joomloc-fr-1-3-3-sql-injection

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
Misc : Directory traversal - parameter starting with ../	3.2.0
SQL injection Prevention - GET : suspicious OR statement in URL	3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL	3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL	3.2.0
Directory traversal using ..\..	3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL	3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL	3.2.0
Directory traversal	3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL	3.2.0
SQL injection Prevention - GET : possible database version probing	3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL	3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL	3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL	3.2.0
SQL injection Prevention - GET : block comment delimiters in URL	3.2.0
Directory traversal backward root folder	3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data	5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL	5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data	5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements	5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data	5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data	5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement	5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data	5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data	5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data	5.0.0
SQL injection Prevention - POST : suspicious OR statement in data	5.0.0
SQL injection Prevention - POST : possible version probing in data	5.0.0
SQL injection Prevention - GET : suspicious SQL keywords in URL	5.0.0

Risk level

Moderate

Vulnerability First Public Report Date

2017-03-13

Target Type

Client

Possible exploit

Remote