JoomGallery for Joomla! < 3.3.4 SQL Injection
Medium Nessus Plugin ID 105508
SynopsisThe remote web server is running a PHP application that is affected by a SQL Injection Vulnerability.
DescriptionAccording to its self-reported version, the JoomGallery Plugin for Joomla! running on the remote web server is prior to 3.3.4. It is, therefore, affected by multiple SQL injection vulnerabilities in '/models/category.php' and '/models/detail.php' due to improper sanitization of user-supplied input of the 'jg_firstorder', 'jg_secondorder' and 'jg_thirdorder' parameters before using it to construct database queries.
A remote attacker can leverage this issue to launch SQL injection attacks against the affected application, leading to discovery of sensitive information and attacks against the underlying database.
SolutionUpgrade JoomGallery for Joomla! to version 3.3.4 or greater, or disable and remove the vulnerable plugin.