Joomla Jtag Minicart 4.1.0 SQL Injection

2017.12.30
Credit: Bilal KARDADOU
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################ #Title: Joomla Jtag Minicart 4.1.0 - SQL injection #Credit: Bilal KARDADOU #Vendor: https://joomlatag.com #URL: https://extensions.joomla.org/extensions/extension/e-commerce/shopping-cart/jtag-minicart/ #Product: 'Joomla Jtag Minicart 4.1.0' #Developer: JoomlaTag #Last updated: Jun 06 2016 #Compatibility: 3.X #Type: Paid download ################################################ # # Description: # tag Minicart is a simple but versatile shopping cart extension for Joomla. Jtag Minicart allows you to showcase your products, add product categories, product images, descriptions and more as well as allowing users to purchase these items, with support for shipping and tax calculation. # # POST -p [product] # # http://127.0.0.1/jtag-minicart/index.php?option=com_jtagminicart # # product=9[SQL]&date=2017-12-29+13%3A35%3A46 # # PoC: # https://prnt.sc/hu0wzv # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top