Created April 13, 2017 02:58
3 vulnerabilities in "Smart related articles" extension 1.1 for Joomla!.
> [Description]
> The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).
>
> ------------------------------------------
>
> [Additional Information]
> This vulnerability was reported to the Joomla extensions site.
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> joomla extensions - Iacopo Guarneri
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Smart related articles - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> Joomla_root_path/plugins/editors-xtd/smartrelatedarticles/dialog.php
> n_art,type in GET Method.
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Reference]
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> APA Center at University of Birjand
Use CVE-2017-7626.
> [Description]
> The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php
> (there is a missing _JEXEC check).
>
> ------------------------------------------
>
> [Additional Information]
> This vulnerability was reported to the Joomla extensions site.
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Vulnerability Type]
> Incorrect Access Control
>
> ------------------------------------------
>
> [Vendor of Product]
> joomla extensions - Iacopo Guarneri
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Smart related articles - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> Direct Access to dialog.php
> Joomla_root_path/plugins/editors-xtd/smartrelatedarticles/dialog.php
> define('_JEXEC', 1 );
> defined('_JEXEC') or die;
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Reference]
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> APA Center at University of Birjand
Use CVE-2017-7627.
> [Description]
> The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php
> (attacker must use search_cats variable in POST method to exploit this vulnerability).
>
> ------------------------------------------
>
> [Additional Information]
> This vulnerability was reported to the Joomla extensions site.
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Vulnerability Type]
> SQL Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> joomla extensions - Iacopo Guarneri
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Smart related articles - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> http://joomla-site/plugins/editors-xtd/smartrelatedarticles/dialog.php
>
> An attacker must use the search_cats variable in the POST method to exploit this vulnerability.
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Reference]
> https://extensions.joomla.org/extension/smart-related-articles/
> https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> APA Center at University of Birjand
Use CVE-2017-7628.
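
An added example, not part of the original advisories or the extension's code: a Python audit for the CVE-2017-7627 condition that walks an extension directory and flags PHP files with no `defined('_JEXEC') or die` guard, or that define `_JEXEC` themselves as in the two lines quoted under [Affected Component]. Reading those two lines as a self-defined constant is an assumption, and the function names, regex heuristics and sample files are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions of this example, not taken from the extension).
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)
GUARD = re.compile(r"""defined\s*\(\s*['"]_JEXEC['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b""", re.I)
SELF_DEFINE = re.compile(r"""\bdefine\s*\(\s*['"]_JEXEC['"]\s*,""", re.I)

def classify(source: str) -> str:
    """Return 'ok', 'missing-guard' or 'self-defined' for one PHP source text."""
    code = COMMENTS.sub("", source)  # a commented-out guard must not count
    if SELF_DEFINE.search(code):
        # The file sets _JEXEC itself, so a later defined() test always passes.
        return "self-defined"
    return "ok" if GUARD.search(code) else "missing-guard"

def audit_tree(root) -> dict:
    """Map relative path -> verdict for every non-'ok' .php file under root."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*.php")):
        verdict = classify(path.read_text(encoding="utf-8", errors="replace"))
        if verdict != "ok":
            findings[path.relative_to(root).as_posix()] = verdict
    return findings

# Constructed sample files; none of this is the real dialog.php.
SAMPLES = {
    "helper.php": "<?php\ndefined('_JEXEC') or die;\necho 'ok';\n",
    "commented.php": "<?php\n// defined('_JEXEC') or die;\necho 'ok';\n",
    "dialog.php": "<?php\ndefine('_JEXEC', 1 );\ndefined('_JEXEC') or die;\n",
}

def demo() -> dict:
    """Write the samples to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in SAMPLES.items():
            Path(tmp, name).write_text(text, encoding="utf-8")
        return audit_tree(tmp)

if __name__ == "__main__":
    for rel, verdict in demo().items():
        print(f"{verdict:14} {rel}")
```

Joomla's own entry points such as the site index.php define `_JEXEC` legitimately, so run `audit_tree` on extension directories (for example under plugins/) rather than the whole web root.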