Joomla JomEstate PRO 3.7 SQL Injection

2017.12.30
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################ #Title: Joomla JomEstate PRO 3.7 - SQL Injection #Credit: Bilal KARDADOU #Vendor: http://comdev.eu #URL: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jomestate-pro/ #Product: 'Joomla JomEstate PRO 3.7' #Developer: Comdev #Extension type: Plugin #Last updated: Oct 29 2017 #Compatibility: 3.X #Type: Paid download #Google Dork: N/A ################################################ # # Description: # Real Estate JomEstate component allows you to create an Real Estate Portal or Real Estate Agency Website in minutes. # It is perfect for independent estate agents, property rental companies and property developers! # # POST -p [tags & je_mod_price] # # http://127.0.0.1/joomla/index.php?option=com_jomcomdev&task=maps.itemsje&format=json&extension=com_jomestate&limit=100 # # address-lat-lng=&distance=25&latitude=&longitude=&tags=[SQL]&categories_id=69&categories_type_id=&je_mod_price=0%3B5000000[SQL]&search=&favorites=0&featured=0&7c9b27566c6137c71bed4d786aea0322=1& # # PoC: # https://prnt.sc/hu0ha2 # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top