Joomla Third-Party Plugins Multiple Vulnerabilities


Description   Several SQL injection vulnerabilities have been identified in third-party plugins for Joomla:
- YandexMap
- NS Download Shop
- Keen IT Photo Contest
- Price Alert for Virtuemart

A remote attacker could exploit them by sending requests containing specially crafted SQL statements in order to perform unauthorized operations on the database.

These vulnerabilities stem from improper sanitization of user-supplied input.

Proofs of concept are available.

Updated, 29/10/2017
The following CVE identifiers have been assigned to the following third-party plugins:
- NS Download Shop: CVE-2017-15965
- YandexMap: CVE-2017-15966
     
Vulnerable Products   Vulnerable Software:
Joomla (OSM Development Team) - 1.0, 1.0.1, 1.0.10, 1.0.11, 1.0.12, ..., 3.7.3, 3.7.4, 3.7.5, 3.8.0
     
Solution   No solution for the moment.
     
CVE   CVE-2017-15966
CVE-2017-15965
     
References   - packetstormsecurity : Joomla Zh YandexMap 6.1.1.0 SQL Injection
https://packetstormsecurity.com/files/144436/joomlazhyandexmap6110-sql.txt
- packetstormsecurity : Joomla NS Download Shop 2.2.6 SQL Injection
https://packetstormsecurity.com/files/144435/joomlansdownloadshop226-sql.txt
- vel : Keen IT Photo Contest, 1.0.2, SQL Injection
https://vel.joomla.org/vel-blog/2024-keen-it-photo-contest-1-0-2-sql-injection
- vel : Price Alert for Virtuemart, 3.0.4, SQL Injection
https://vel.joomla.org/vel-blog/2026-price-alert-for-virtuemart-3-0-2-sql-injection
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm   Available Since
SQL injection Prevention - GET : suspicious OR statement in URL   3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL   3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL   3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL   3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL   3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL   3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL   3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL   3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL   3.2.0
SQL injection Prevention - GET : possible database version probing   3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL   3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL   3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL   3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL   3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL   3.2.0
SQL injection Prevention - GET : block comment delimiters in URL   3.2.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL   5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements   5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement   5.0.0
SQL injection Prevention - GET : suspicious SQL keywords in URL   5.0.0
     


 
 
 
 
Risk level   High

Vulnerability First Public Report Date   2017-09-21

Target Type   Client

Possible exploit   Remote