JoomGallery for Joomla! < 3.3.4 SQL Injection

Medium Nessus Plugin ID 105508

Synopsis

The remote web server is running a PHP application that is affected by a SQL Injection Vulnerability.

Description

According to its self-reported version, the JoomGallery Plugin for Joomla! running on the remote web server is prior to 3.3.4. It is, therefore, affected by multiple SQL injection vulnerabilities in '/models/category.php' and '/models/detail.php' due to improper sanitization of user-supplied input of the 'jg_firstorder', 'jg_secondorder' and 'jg_thirdorder' parameters before using it to construct database queries.

A remote attacker can leverage this issue to launch SQL injection attacks against the affected application, leading to discovery of sensitive information and attacks against the underlying database.

Solution

Upgrade JoomGallery for Joomla! to version 3.3.4 or greater, or disable and remove the vulnerable plugin.

See Also

https://github.com/JoomGallery/JoomGallery/pull/122/files

http://www.joomgallery.net

Plugin Details

Severity: Medium

ID: 105508

File Name: joomla_joomgallery_334.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 2018/01/02

Modified: 2018/06/14

Dependencies: 21142

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 6.6

Temporal Score: 5.8

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:joomla:joomla!

Required KB Items: installed_sw/Joomla!, www/PHP

Vulnerability Publication Date: 2017/09/27