7.5
CVSSv2

CVE-2018-6394

Published: 17/02/2018 Updated: 02/03/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.

Affected Products

Vendor Product Versions
TechjoomlaInvitex3.0.5

Exploits

# # # # # Exploit Title: Joomla! Component InviteX 305 - SQL Injection # Dork: N/A # Date: 16022018 # Vendor Homepage: techjoomlacom/ # Software Link: extensionsjoomlaorg/extensions/extension/content-sharing/bookmark-a-recommend/invitex/ # Version: 305 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: CVE-2018-6 ...

Mailing Lists

Joomla! InviteX component version 305 suffers from a remote SQL injection vulnerability ...