Joomla! Spider Catalog Component "product_id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA51140

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51140/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51140

RELEASE DATE:
2012-11-01

DESCRIPTION:
A vulnerability has been reported in the Spider Catalog component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "product_id" parameter to index.php (when
"option" is set to "com_spidercatalog") is not properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.1. Other versions may also
be affected.

SOLUTION:
No official solution is currently available.
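
Added example, not part of the Secunia advisory or the component's code: with no official fix available, a web-server log check such as the following flags requests to the Spider Catalog component whose "product_id" value is not a plain decimal integer. The integer-only expectation for product_id, the Combined Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_product_id(target):
    """Return the offending product_id value, or None when the request is
    clean or is not addressed to the Spider Catalog component."""
    parts = urlsplit(target)
    # The advisory names index.php; "/" is included because a site root
    # is commonly served by index.php as well (assumption).
    if not (parts.path.endswith("index.php") or parts.path.endswith("/")):
        return None
    # parse_qs percent-decodes values and keeps repeated parameters.
    params = parse_qs(parts.query, keep_blank_values=True)
    if "com_spidercatalog" not in params.get("option", []):
        return None
    for value in params.get("product_id", []):
        # Assumption: a legitimate product_id is a short decimal integer.
        if not re.fullmatch(r"[0-9]{1,10}", value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            bad = suspicious_product_id(match.group(1))
            if bad is not None:
                hits.append((number, bad))
    return hits

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2012:10:00:01 +0000] "GET /index.php?option=com_spidercatalog&product_id=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Nov/2012:10:00:05 +0000] "GET /index.php?option=com_spidercatalog&product_id=12%27 HTTP/1.1" 500 310',
    '192.0.2.12 - - [01/Nov/2012:10:00:09 +0000] "GET /index.php?option=com_content&product_id=abc HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Nov/2012:10:00:12 +0000] "GET /index.php?option=com_spidercatalog&product_id=3&product_id=x+y HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric product_id {value!r}")
```

Access logs normally record only the query string, so a "product_id" sent in a POST body is not visible to this check.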

PROVIDED AND/OR DISCOVERED BY:
Daniel Barragan "D4NB4R"

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/22403/
