Joomla! Component Reverse Auction Factory 4.3.8 SQLI

Description

SQL injection is a type of attack where malicious SQL queries are inserted into input data, allowing attackers to manipulate the database. Successful exploitation can lead to data theft, modification of database records, unauthorized access, and even control over the entire database management system (DBMS).

Recommendation

Update or remove the affected plugin.

References

• OWASP: SQL Injection
• OWASP: ESAPI project
• Wikipedia: Prepared statement
• Joomla!
• CVE-2018-17376
• CWE-20
• CWE-89
• CAPEC-66
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Joomla! Component Jobs Factory 2.0.4 SQLI - CVE-2018-17382
• Joomla! Component Advertisement Board 3.1.0 'catname' SQLI - CVE-2018-5982
• Joomla! Component Aist 2.0 'id' SQLI - CVE-2018-5993
• Joomla! Component AllVideos Reloaded 1.2.x 'divid' SQLI - CVE-2018-5990

Tags:

Joomla

SQLI

SQL Injection

Database

Injection