Published: 20/09/2018 Updated: 09/11/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The CWJoomla CW Article Attachments PRO extension prior to 2.0.7 and CW Article Attachments FREE extension prior to 1.0.6 for Joomla! allow SQL Injection within download.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cwjoomla cw article attachments pro
cwjoomla cw article attachments free

# Exploit Title: Joomla! CW Article Attachments 106 - 'id' SQL Injection # Date: 2018-09-20 # Exploit Author: Haboob Team # Software Link: extensionsjoomlaorg/extension/cw-article-attachments/ # Version: below < 106 # CVE : CVE-2018-14592 # cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2018-14592 # 1 Description # The CWJoo ...

Joomla CW Article Attachments extension version 106 suffers from a remote SQL injection vulnerability ...

An optimized Python3 library to fetch the most recent exploit-database, create searchable indexes for CVE->EDBID and EDBID -> CVE, and provide methods to perform searches.

pyExploitDb (govanguardcom) Authors: Shane William Scott About pyExploitDb An optimized Python3 library to fetch the most recent exploit-database, create searchable indexes for CVE->EDBID and EDBID -> CVE, and provide methods to perform searches Last DB Refresh: 02/24/2023 Upcoming features CPE database, indexes and mappings Installation pip install

CWE-89 http://www.cwjoomla.com/download-cw-article-attachments https://www.exploit-db.com/exploits/45447/https://nvd.nist.gov https://github.com/GoVanguard/pyExploitDb https://www.exploit-db.com/exploits/45447/

CVE-2018-14592

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect