SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 prior to 3.4.5 allows remote malicious users to execute arbitrary SQL commands via the list[select] parameter to index.php.
Vulnerable Product |
---|
joomla joomla\\! 3.2.0 |
joomla joomla\\! 3.2.1 |
joomla joomla\\! 3.3.4 |
joomla joomla\\! 3.4.0 |
joomla joomla\\! 3.3.2 |
joomla joomla\\! 3.3.3 |
joomla joomla\\! 3.2.4 |
joomla joomla\\! 3.3.0 |
joomla joomla\\! 3.3.1 |
joomla joomla\\! 3.4.3 |
joomla joomla\\! 3.4.4 |
joomla joomla\\! 3.2.2 |
joomla joomla\\! 3.2.3 |
joomla joomla\\! 3.4.1 |
joomla joomla\\! 3.4.2 |

No coupon? Just make yourself ADMIN.
Popular content management system (CMS) Joomla has pushed three patches, including a critical fix for SQL injection vulnerabilities that allow attackers to become admins on most customer websites. The team issued fix 3.4.5 addressing the SQLi vulnerabilities (CVE-2015-7297, CVE-2015-7857, CVE-2015-7858), which exist in versions 3.2 to 3.4.4 and were identified earlier this month. Joomla is used by the likes of Barnes and Noble, eBay, and Peugeot. Trustwave's Asaf Orpani and PerimeterX's Netanel Ru...