Joomla Third-Party Plugins Multiple SQL Injection Vulnerabilities


Description   (#Several vulnerabilities have been identified in third-party plugins for Joomla:#- Advertisement Board: SQL injection in the "id" parameter#- BookLibrary: SQL injection#- Easyblog: SQL injection in the "id" parameter#- registrationpro: SQL injection in the "did" parameter#- fidecalendar: SQL injection in the "aid" parameter#- sngevetns: SQL injection in the "id" parameter#- Simple Membership: SQL injection in the "userId" parameter#- Kunena: SQL injection in the "id" parameter#- Virtuemart: SQL injection in the "id" parameter#- Vik Rent Car: multiple SQL injection in the "place" parameter#- Vik Appointments : SQL injection.##A remote attacker could exploit them in order to perform operations on the database via requests containing specially crafted SQL.##Proofs of concept are available.)
     
Vulnerable Products   Vulnerable Software:
Joomla (OSM Development Team) -
     
Solution   - BookLibrary: 3.6.15
     
CVE  
     
References   - exploit-db : Joomla! Component Advertisement Board 3.0.4 - 'id' Parameter SQL Injection
https://www.exploit-db.com/exploits/41600/?rss
- vel.joomla : BookLibrary,3.6.14,SQL Injection
https://vel.joomla.org/live-vel/1937-booklibrary-3-6-1-sql-injection
- bugtraq : Joomla com_easyblog Component - 'id' Parameter Sql Injection Vulnerability
http://seclists.org/bugtraq/2017/Mar/51
- bugtraq : Joomla com_registrationpro Component - 'did' Parameter Sql Injection Vulnerability
http://seclists.org/bugtraq/2017/Mar/52
- bugtraq : Joomla com_fidecalendar Component - 'aid' Parameter Sql Injection Vulnerability
http://seclists.org/bugtraq/2017/Mar/53
- bugtraq : Joomla com_sngevents Component - 'id' Parameter Sql Injection Vulnerability
http://seclists.org/bugtraq/2017/Mar/54
- exploit-db : Joomla! Component Simple Membership 3.3.3 - 'userId' Parameter SQL Injection
https://www.exploit-db.com/exploits/41599/?rss
- bugtraq : Joomla com_kunena Component - 'id' Parameter Sql Injection Vulnerability
http://seclists.org/bugtraq/2017/Mar/55
- bugtraq : Joomla com_virtuemart Component - 'id' Parameter Sql Injection Vulnerability
http://seclists.org/bugtraq/2017/Mar/56
- exploit-db : Joomla! Component Vik Rent Car 1.11 - SQL Injection
https://www.exploit-db.com/exploits/41604/?rss
- exploit-db : Joomla! Component Vik Rent Items 1.3 - SQL Injection
https://www.exploit-db.com/exploits/41603/?rss
- exploit-db : Joomla! Component Vik Appointments 1.5 - SQL Injection
https://www.exploit-db.com/exploits/41602/?rss
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
SQL injection Prevention - GET : block comment delimiters in URL
3.2.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL
5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements
5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement
5.0.0
SQL injection Prevention - GET : suspicious SQL keywords in URL
5.0.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2017-03-14 

 Target Type 
Client 

 Possible exploit 
Remote