Joomla! Component Form Maker 3.6.12 SQLI
Impact: High
Description
SQL injection is a type of attack where malicious SQL queries are inserted into input data, allowing attackers to manipulate the database. Successful exploitation can lead to data theft, modification of database records, unauthorized access, and even control over the entire database management system (DBMS).
Recommendation
Update or remove the affected component.
References
- CVE-2018-5991
- CWE-20
- CWE-89
- form maker
- Joomla!
- OWASP 2021-A3
- OWASP 2021-A6
- OWASP: ESAPI project
- OWASP: SQL Injection
- Wikipedia: Prepared statement
👉 You might also like:
Joomla! Component Advertisement Board 3.1.0 'catname' SQLI - CVE-2018-5982
Joomla! Component Aist 2.0 'id' SQLI - CVE-2018-5993
Joomla! Component AllVideos Reloaded 1.2.x 'divid' SQLI - CVE-2018-5990
Joomla! Component CcNewsletter 2.x.x 'id' SQLI - CVE-2018-5989
Last updated on May 13, 2024