SNS Vulnerability

Joomla Third-Party Modules Multiple SQL Injection Vulnerabilities

Description

(#Several SQL injection vulnerabilities were reported in third-party modules for Joomla:#- Scatalog: via the "Itemid" parameter in the "?option=com_scatalog&view=category&catalog=categories" web page#- Subcategory: via the "id" parameter in the "?option=com_subcategory" web page.##Proofs of concept are available.)

Vulnerable Products

Vulnerable Software:
Joomla (OSM Development Team) -

Solution

No solution for the moment.

CVE

References

- PacketStormSecurity : Joomla Scatalog 2.0 SQL Injection
https://packetstormsecurity.com/files/135697/joomlascatalog-sql.txt
- PacketStormSecurity : Joomla Subcategory 1.2.15 SQL Injection
https://packetstormsecurity.com/files/135698/joomlasubcategory-sql.txt

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
SQL injection Prevention - GET : suspicious OR statement in URL	3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL	3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL	3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL	3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL	3.2.0
SQL injection Prevention - GET : possible database version probing	3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL	3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL	3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL	3.2.0
SQL injection Prevention - GET : block comment delimiters in URL	3.2.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL	5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements	5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement	5.0.0

Risk level

Moderate

Vulnerability First Public Report Date

2016-02-10

Target Type

Server

Possible exploit

Remote