Signature Detail
Short Name |
HTTP:SQL:INJ:JOOMLA-COM-CCBOARD |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Joomla CCBoard Component topic Parameter SQL Injection |
Release Date |
2011/06/10 |
Update Number |
1935 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Joomla CCBoard Component topic Parameter SQL Injection
This signature detects attempts to exploit a known vulnerability in the Joomla's com_ccboard component. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Extended Description
http://www.noticeboardpro.com/notice-board-pro-copyright.htmlJoomla CCBoard is prone to an SQL-injection vulnerability and an arbitrary-file-upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.
Affected Products
- Joomla CCBoard
References
- BugTraq: 48108
- URL: http://www.joomla.org
- URL: http://www.codeclassic.org/