Joomla Jtag Minicart 4.1.0 SQL Injection

2017.12.30
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################ #Title: Joomla Jtag Minicart 4.1.0 - SQL injection #Credit: Bilal KARDADOU #Vendor: https://joomlatag.com #URL: https://extensions.joomla.org/extensions/extension/e-commerce/shopping-cart/jtag-minicart/ #Product: 'Joomla Jtag Minicart 4.1.0' #Developer: JoomlaTag #Last updated: Jun 06 2016 #Compatibility: 3.X #Type: Paid download ################################################ # # Description: # tag Minicart is a simple but versatile shopping cart extension for Joomla. Jtag Minicart allows you to showcase your products, add product categories, product images, descriptions and more as well as allowing users to purchase these items, with support for shipping and tax calculation. # # POST -p [product] # # http://127.0.0.1/jtag-minicart/index.php?option=com_jtagminicart # # product=9[SQL]&date=2017-12-29+13%3A35%3A46 # # PoC: # https://prnt.sc/hu0wzv # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top