Joomla! Component AllVideos Reloaded 1.2.x 'divid' SQLI
Impact: High
Description
A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands. (Source: OWASP)
Recommendation
Update or remove the affected plugin.
References
- AllVideos
- OWASP: SQL Injection
- OWASP: ESAPI project
- Wikipedia: Prepared statement
- Joomla!
- CVE-2018-5990
- OWASP 2017-A9
- OWASP 2021-A6
- CWE-89
- OWASP 2017-A1
- OWASP 2021-A3
- CWE-20
Last updated on April 10, 2022