Detections
Analytics

JoomGallery for Joomla! < 3.3.4 SQL Injection

medium Nessus Plugin ID 105508

Language:

Synopsis

The remote web server is running a PHP application that is affected by a SQL Injection Vulnerability.

Description

According to its self-reported version, the JoomGallery Plugin for Joomla! running on the remote web server is prior to 3.3.4. It is, therefore, affected by multiple SQL injection vulnerabilities in '/models/category.php' and '/models/detail.php' due to improper sanitization of user-supplied input of the 'jg_firstorder', 'jg_secondorder' and 'jg_thirdorder' parameters before using it to construct database queries.

A remote attacker can leverage this issue to launch SQL injection attacks against the affected application, leading to discovery of sensitive information and attacks against the underlying database.

Solution

Upgrade JoomGallery for Joomla! to version 3.3.4 or greater, or disable and remove the vulnerable plugin.

See Also

https://github.com/JoomGallery/JoomGallery/pull/122/files

http://www.joomgallery.net

Plugin Details

Severity: Medium

ID: 105508

File Name: joomla_joomgallery_334.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 1/2/2018

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:joomla:joomla%21

Required KB Items: www/PHP, installed_sw/Joomla!

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 9/27/2017