RSS   Vulnerabilities for 'Jomres'   RSS

2020-01-02
 
CVE-2013-3932

CWE-89
 

 
SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php.

 
 
CVE-2013-3931

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details.

 


Copyright 2024, cxsecurity.com

 

Back to Top