(#Several vulnerabilities were reported in Joomla's plugins:#- JooCart: SQL injection triggerable via "product_id" parameter of the "index.php?option=com_opencart&route=product/product" web page#- jCart for OpenCart: SQL injection triggerable via "product_id" parameter of the "index.php?option=com_jcart&route=product/product" web page#- OrdaSoft CCK: SQL injection#- Smart related articles: SQL injection and cross-site scripting#- Extra Search: SQL injection triggerable via "establename" parameter in multiple web pages#- Modern Booking: SQL injection triggerable via "coupon" parameter of the "modern-booking-slots?task=saveorder" web page#- FocalPoint: SQL injection triggerable via "id" parameter of the "index.php?option=com_focalpoint&view=location" web page#- Kunena: cross-site scripting in multiple pages.##Proofs of concept are available.)
Vulnerable Products
Vulnerable Software: Joomla (OSM Development Team) -
