Joomla JMultipleHotelReservation 6.0.5 SQL Injection

2018.01.05
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################ #Title: Joomla JMultipleHotelReservation 6.0.5 - SQL injection #Credit: Bilal KARDADOU #Vendor: http://www.cmsjunkie.com/joomla-hotel-portal #URL: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jmultiplehotelreservation/ #Product: 'Joomla JMultipleHotelReservation 6.0.5' #Developer: CMSJunkie #Extension type: Plugin #Last updated: Oct 30 2017 #Compatibility: 3.X #Type: Paid download #Google Dork: inurl:"Google is your Friend" ################################################ # # Description: # With over nine years of experience in the lodging industry, we offer an easy to use, professional multiple hotel # reservation software. Joomla Multiple Hotel Reservation is offering management and reservation solutions for # all types of hotels, motels, B&B, resorts, apartments etc. # # # --Method=GET -p [term] # # -u " http://127.0.0.1/j-myhotel/component/j-hotelportal/?task=hotels.getSuggestionsList&term=a/b'/[SQLI] " # # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top