Joomla JomEvents 3.7 SQL Injection

2017.12.30
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################ #Title: Joomla JomEvents 3.7 - SQL Injection #Credit: Bilal KARDADOU #Vendor: http://comdev.eu #URL: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jomevents/ #Product: 'Joomla JomEvents 3.7' #Developer: Comdev #Extension type: Plugin #Last updated: Oct 29 2017 #Compatibility: 3.X #Type: Paid download #Google Dork: N/A ################################################ # # Description: # JomEvent offers an event management system which provides design and seamless integration with your current Joomla deployment. # Look no further: JomEvents is a one-stop-shop for your events website implementation. # # POST -p [distancew & date_end] # # http://127.0.0.1/joomla/index.php?option=com_jomcomdev&task=maps.itemsjv&format=json&extension=com_jomevents&limit=100 # # title=hello&address-lat-lng=London%2C%20United%20Kingdom&distancew=50&date_start=2016-12-11&date_end=2017-01-01&latitude=51.5073509&longitude=-0.12775829999998223&26472415b6677db80c6b2404296e4a39=1& # # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top