Created
April 13, 2017 02:58
3 Vulnerabilities in "Smart related articles" extension 1.1 for Joomla!
> [Description]
> The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art, type in GET method).
>
> ------------------------------------------
>
> [Additional Information]
> This vulnerability was reported to the Joomla extensions site.
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> Joomla extensions - Iacopo Guarneri
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Smart related articles - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> Joomla_root_path/plugins/editors-xtd/smartrelatedarticles/dialog.php
> n_art, type in GET method.
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Reference]
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> APA Center at University of Birjand

Use CVE-2017-7626.
> [Description]
> The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php
> (there is a missing _JEXEC check).
>
> ------------------------------------------
>
> [Additional Information]
> This vulnerability was reported to the Joomla extensions site.
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Vulnerability Type]
> Incorrect Access Control
>
> ------------------------------------------
>
> [Vendor of Product]
> Joomla extensions - Iacopo Guarneri
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Smart related articles - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> Direct access to dialog.php
> Joomla_root_path/plugins/editors-xtd/smartrelatedarticles/dialog.php
> define('_JEXEC', 1 );
> defined('_JEXEC') or die;
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Reference]
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> APA Center at University of Birjand

Use CVE-2017-7627.
> [Description]
> The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php
> (the attacker must use the search_cats variable in the POST method to exploit this vulnerability).
>
> ------------------------------------------
>
> [Additional Information]
> This vulnerability was reported to the Joomla extensions site.
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Vulnerability Type]
> SQL Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> Joomla extensions - Iacopo Guarneri
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Smart related articles - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> http://joomla-site/plugins/editors-xtd/smartrelatedarticles/dialog.php
>
> The attacker must use the search_cats variable in the POST method to exploit this vulnerability.
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Reference]
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> APA Center at University of Birjand

Use CVE-2017-7628.
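The three reports above all concern the same file, so one added example (not the extension's own code) covers them: the self-defeating `_JEXEC` guard quoted in the second report beside a hardened dialog.php prelude that also handles the reported `n_art`, `type` and `search_cats` inputs through Joomla 3's JInput and query builder. The variable names and the category query are assumptions about what the dialog does.

```php
<?php
// Added example, not the extension's own code: the guard pattern quoted in the
// advisory and a hardened dialog.php prelude. Variable names are hypothetical.

// --- Ineffective guard (pattern quoted in the advisory) ----------------------
// Defining _JEXEC immediately before testing it means the test can never fail,
// so a browser can request dialog.php directly, bypassing Joomla's index.php.
//   define('_JEXEC', 1);
//   defined('_JEXEC') or die;

// --- Corrected guard ---------------------------------------------------------
// Only Joomla's entry point (index.php) defines _JEXEC; a direct request dies here.
defined('_JEXEC') or die;

$app   = JFactory::getApplication();
$input = $app->input;
$db    = JFactory::getDbo();

// GET parameters named in the XSS report: coerce to the expected types instead
// of reflecting raw strings into the page.
$nArt = $input->getInt('n_art', 5);          // integer only
$type = $input->getCmd('type', 'default');   // [A-Za-z0-9_.-] only

// POST parameter named in the SQL injection report: never interpolate it into
// SQL; build the statement with quoteName()/quote() so it stays a literal.
$searchCats = $input->post->getString('search_cats', '');

$query = $db->getQuery(true)
    ->select($db->quoteName(array('id', 'title')))
    ->from($db->quoteName('#__categories'))
    ->where($db->quoteName('extension') . ' = ' . $db->quote('com_content'));

if ($searchCats !== '') {
    // escape(..., true) also escapes % and _; quote(..., false) skips re-escaping.
    $like = $db->quote('%' . $db->escape($searchCats, true) . '%', false);
    $query->where($db->quoteName('title') . ' LIKE ' . $like);
}

$db->setQuery($query);
$categories = $db->loadObjectList();

// Output encoding closes the reflected-XSS path for n_art/type.
echo '<input type="hidden" name="n_art" value="' . (int) $nArt . '" />';
echo '<input type="hidden" name="type" value="'
    . htmlspecialchars($type, ENT_QUOTES, 'UTF-8') . '" />';
foreach ($categories as $cat) {
    echo '<option value="' . (int) $cat->id . '">'
        . htmlspecialchars($cat->title, ENT_QUOTES, 'UTF-8') . '</option>';
}
```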