Joomla Third-Party Plugins Multiple Vulnerabilities


Description   (#Several vulnerabilities have been identified in third-party plugins for Joomla:##Several SQL injections in the following third-party plugins:#- WMT Content Timeline#- EShop#- OS Services Booking#- Room Management#- OS Property#- Joomloc-CAT#- Joomloc-Lite#- JomWALL#- dcrc#- topics#- docman#- Groovy Gallery#- Team Display#- djcatalog2#- maxcomment#- Most Wanted Real Estate#- Bazaar Platform#- Google Map Store Locator#- PayPal IPN for DOCman#- MaQma Helpdesk#- JE grid folio#- rsgallery2#- Anief#- JE Property Finder#- Magic Deals Web#- Directorix Directory Manager#- AppointmentBookingPro#- J-BusinessDirectory#- J-MultipleHotelReservation Standard#- J-HotelPortal#- Eventix Events Calendar#- J-CruiseReservation Standard#- RealEstateManager#- BookLibrary#- MediaLibrary Basic#- VehicleManager#- ContentMap#- digistore#- redshop.##A cross-site scripting vulnerability in Fabrik.##Proofs of concepts are available.)
     
Vulnerable Products   Vulnerable Software:
Joomla (OSM Development Team) -
     
Solution   Version 4.0.2 (RC2) of plugin AppointmentBookingPro fixes the vulnerability.
     
CVE  
     
References   - exploit-db : Joomla! Component WMT Content Timeline 1.0 - 'id' Parameter SQL Injection
https://www.exploit-db.com/exploits/41382
- exploit-db : Joomla! Component EShop 2.5.1 - 'id' Parameter SQL Injection
https://www.exploit-db.com/exploits/41387
- exploit-db : Joomla! Component OS Services Booking 2.5.1 - SQL Injection
https://www.exploit-db.com/exploits/41388
- exploit-db : Joomla! Component Room Management 1.0 - SQL Injection
https://www.exploit-db.com/exploits/41389
- exploit-db : Joomla! Component OS Property 3.0.8 - SQL Injection
https://www.exploit-db.com/exploits/41386/
- exploit-db : Joomla! Component Joomloc-CAT 4.1.3 - 'ville' Parameter SQL Injection
https://www.exploit-db.com/exploits/41383/
- exploit-db : Joomla! Component Joomloc-Lite 1.3.2 - 'site_id' Parameter SQL Injection
https://www.exploit-db.com/exploits/41384/
- exploit-db : Joomla! Component JomWALL 4.0 - 'wuid' Parameter SQL Injection
https://www.exploit-db.com/exploits/41385/
- CXSecurity : Joomla Component com_dcrc 'pid' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020176
- CXSecurity : Joomla Component com_topics 'id' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020175
- CXSecurity : Joomla Component com_docman 'gid' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020174
- 0day.today : Joomla Groovy Gallery 1.0.0 Component - SQL Injection Vulnerability
http://0day.today/exploits/27038
- 0day.today : Joomla Team Display 1.2.1 Component - filter_category Parameter SQL Injection Vulnerability
http://0day.today/exploits/27039
- CXSecurity : Joomla Component com_djcatalog2 'cid' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020185
- CXSecurity : Joomla Component com_maxcomment Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020184
- 0day.today : Joomla Most Wanted Real Estate 1.1.0 Component - SQL Injection Vulnerability [#0day #Exploit]
http://0day.today/exploits/27057
- 0day.today : Joomla Bazaar Platform 3.0 Component - SQL Injection Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]
http://0day.today/exploits/27053
- 0day.today : Joomla Google Map Store Locator 4.4 Component - SQL Injection Vulnerability [#0day #Exploit]
http://0day.today/exploits/27050
- exploit-db : Joomla! Component PayPal IPN for DOCman 3.1 - 'id' Parameter SQL Injection
https://www.exploit-db.com/exploits/41400/
- exploit-db : Joomla! Component MaQma Helpdesk 4.2.7 - 'id' Parameter SQL Injection
https://www.exploit-db.com/exploits/41399/
- Joomla vel : je grid folio,probably all versions,SQL Injection
https://vel.joomla.org/live-vel/1920-je-grid-folio-all-sql-injection
- CXSecurity : Joomla Component Com_rsgallery2 'gid' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020189
- PacketStorm : Joomla Anief 1.5 SQL Injection
https://packetstormsecurity.com/files/141180/joomlaanief15-sql.txt
- Joomla vel : JE Property Finder,1.6.3,SQL Injection
https://vel.joomla.org/live-vel/1917-je-property-finder-1-6-3-sql-injection
- exploit-db : Joomla! Component Magic Deals Web 1.2.0 - SQL Injection
https://www.exploit-db.com/exploits/41410/
- exploit-db : Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection
https://www.exploit-db.com/exploits/41409/
- exploit-db : Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection
https://www.exploit-db.com/exploits/41412/
- exploit-db : Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection
https://www.exploit-db.com/exploits/41411/
- exploit-db : Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - 'review_id' Parameter SQL Injection
https://www.exploit-db.com/exploits/41408/
- exploit-db : Joomla! Component J-HotelPortal 6.0.2 - 'review_id' Parameter SQL Injection
https://www.exploit-db.com/exploits/41405/
- exploit-db : Joomla! Component Eventix Events Calendar 1.0 - SQL Injection
https://www.exploit-db.com/exploits/41407/
- exploit-db : Joomla! Component J-CruiseReservation Standard 3.0 - 'city' Parameter SQL Injection
https://www.exploit-db.com/exploits/41406/
- exploit-db : Joomla! Component RealEstateManager 3.9 - SQL Injection
https://www.exploit-db.com/exploits/41429/
- exploit-db : Joomla! Component BookLibrary 3.6.1 - SQL Injection
https://www.exploit-db.com/exploits/41430/
- exploit-db : Joomla! Component MediaLibrary Basic 3.5 - SQL Injection
https://www.exploit-db.com/exploits/41431/
- exploit-db : Joomla! Component VehicleManager 3.9 - SQL Injection
https://www.exploit-db.com/exploits/41428/
- exploit-db : Joomla! Component ContentMap 1.3.8 - 'contentid' Parameter SQL Injection
https://www.exploit-db.com/exploits/41427/
- CXSecurity : Joomla Component com_digistore 'cid' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020200
- CXSecurity : Joomla Component com_redshop 'Pid' Parameter Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020199
- CXSecurity : Joomla Component com_fabrik XSS Injection Vulnerability
https://cxsecurity.com/issue/WLB-2017020198
- Joomla : AppointmentBookingPro,4.0.1,SQL Injection
https://vel.joomla.org/live-vel/1957-appointmentbookingpro-4-0-1-sql-injection
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
SQL injection Prevention - GET : block comment delimiters in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data
5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data
5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data
5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data
5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL
5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data
5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements
5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data
5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data
5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data
5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement
5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data
5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data
5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data
5.0.0
SQL injection Prevention - POST : suspicious OR statement in data
5.0.0
SQL injection Prevention - POST : possible version probing in data
5.0.0
SQL injection Prevention - GET : suspicious SQL keywords in URL
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2017-02-17 

 Target Type 
Server 

 Possible exploit 
Remote