CVE-2010-4838

Sažetak

SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.

Reference

http://packetstormsecurity.org/files/view/95797/joomlajsupport-sql.txt
http://secunia.com/advisories/42262
http://securityreason.com/securityalert/8379
http://www.exploit-db.com/exploits/15502
http://www.xenuser.org/documents/security/Joomla_com_jsupport_SQLi.txt

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

14-02-2012 - 04:02

Objavljeno

14-09-2011 - 02:56