JoomGallery for Joomla! < 3.3.4 SQL Injection

This script is Copyright (C) 2018 Tenable Network Security, Inc.


Synopsis :

The remote web server is running a PHP application that is affected
by a SQL injection vulnerability.

Description :

According to its self-reported version, the JoomGallery Plugin for
Joomla! running on the remote web server is prior to 3.3.4. It is,
therefore, affected by multiple SQL injection vulnerabilities in
'/models/category.php' and '/models/detail.php' because user-supplied
input in the 'jg_firstorder', 'jg_secondorder' and 'jg_thirdorder'
parameters is not properly sanitized before it is used to construct
database queries.

A remote attacker can leverage this issue to launch SQL injection
attacks against the affected application, leading to discovery of
sensitive information and attacks against the underlying database.

See also :

https://github.com/JoomGallery/JoomGallery/pull/122/files
http://www.joomgallery.net

Solution :

Upgrade JoomGallery for Joomla! to version 3.3.4 or greater, or
disable and remove the vulnerable plugin.
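
For sites that maintain their own code around these parameters, the
following added example (not JoomGallery code and not part of the
plugin) shows allowlist validation of ordering input before it reaches
a query. It assumes each parameter carries one "column direction"
ORDER BY term; the column names, function names and sample values are
constructed for illustration.

```php
<?php
// Added illustration, not JoomGallery code. Column names are constructed.
const ALLOWED_COLUMNS    = ['ordering', 'imgdate', 'imgtitle', 'hits'];
const ALLOWED_DIRECTIONS = ['ASC', 'DESC'];

/**
 * Convert one "column direction" value into an ORDER BY term.
 * Returns null unless both tokens match the allowlists exactly.
 */
function safeOrderTerm($raw): ?string
{
    if (!is_string($raw)) {
        return null;                       // arrays, null, etc. are rejected
    }
    $parts = preg_split('/\s+/', trim($raw));
    if ($parts === false || $parts[0] === '' || count($parts) > 2) {
        return null;                       // empty value or extra tokens
    }
    $column    = strtolower($parts[0]);
    $direction = strtoupper($parts[1] ?? 'ASC');
    if (!in_array($column, ALLOWED_COLUMNS, true)
        || !in_array($direction, ALLOWED_DIRECTIONS, true)) {
        return null;
    }
    // Only allowlisted literals are emitted; the raw input is never echoed.
    return $column . ' ' . $direction;
}

/** Build the ORDER BY clause from the three ordering parameters. */
function buildOrderBy(array $params): string
{
    $terms = [];
    foreach (['jg_firstorder', 'jg_secondorder', 'jg_thirdorder'] as $name) {
        $term = safeOrderTerm($params[$name] ?? null);
        if ($term !== null) {
            $terms[] = $term;
        }
    }
    // Fall back to a fixed default when nothing valid was supplied.
    return 'ORDER BY ' . ($terms ? implode(', ', $terms) : 'ordering ASC');
}

// Constructed sample input: two valid terms and one with extra tokens.
echo buildOrderBy([
    'jg_firstorder'  => 'imgdate DESC',
    'jg_secondorder' => 'hits',
    'jg_thirdorder'  => 'ordering ASC, unexpected tokens',
]), PHP_EOL;
```

Identifiers in an ORDER BY clause cannot be bound as prepared-statement
parameters, which is why the check maps input onto fixed literals
rather than escaping it.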

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CGI abuses

Nessus Plugin ID: 105508

Bugtraq ID:

CVE ID:
