Joomla Third-Party Plugins Multiple Vulnerabilities


Description   Several vulnerabilities have been identified in third-party plugins for Joomla:
- Blog Calendar: SQL injection triggerable via the "modid" parameter of the "index.php?option=com_blog_calendar" page
- JMS Support Online: cross-site scripting
- aWeb Cart Watching System for Virtuemart: SQL injection triggerable via the "view" parameter of the "index.php?option=com_virtuemart" page
- Remository: arbitrary file upload
- Kunena: cross-site scripting.

Proofs of concept are available.
     
Vulnerable Products   Vulnerable Software:
Joomla (OSM Development Team) -
     
Solution   - Kunena: 5.0.5.
     
CVE  
     
References   - Exploit-DB : Joomla! Component Blog Calendar - SQL Injection
https://www.exploit-db.com/exploits/40966/
- Joomla : JMS Support Online module, 2.0.0, XSS (Cross Site Scripting)
https://vel.joomla.org/live-vel/1904-jms-support-online-module-2-0-0-xss-cross-site-scripting
- PacketStormSecurity : Joomla aWeb Cart Watching System For Virtuemart 2.6.0 SQL Injection
https://packetstormsecurity.com/files/140289/joomlaawebcart-sql.txt
- CXSecurity : Joomla com_remository Remote Upload File
https://cxsecurity.com/issue/WLB-2017010011
- Kunena : 5.0.5 Released - Security Update
https://www.kunena.org/forum/announcement/id-107
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm   Available Since
SQL injection Prevention - GET : suspicious OR statement in URL   3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL   3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL   3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL   3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL   3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL   3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL   3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL   3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL   3.2.0
SQL injection Prevention - GET : possible database version probing   3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL   3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL   3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL   3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL   3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL   3.2.0
SQL injection Prevention - GET : block comment delimiters in URL   3.2.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL   5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements   5.0.0
Joomla com_remository component remote file upload   5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement   5.0.0
SQL injection Prevention - GET : suspicious SQL keywords in URL   5.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2017-01-04

Target Type   Server

Possible exploit   Remote