ГлавнаяУязвимости → CVE-2017-20269
8.2высокая

CVE-2017-20269

Описание

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive information.

CVSS
Балл8.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Источники
http://terrywcarter.com/https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/kissgallery/https://www.exploit-db.com/exploits/42494https://www.vulncheck.com/advisories/joomla-component-kissgallery-sql-injection