JoomGallery for Joomla! < 3.3.4 SQL Injection

Medium Nessus Plugin ID 105508


The remote web server is running a PHP application that is affected by a SQL Injection Vulnerability.


According to its self-reported version, the JoomGallery Plugin for Joomla! running on the remote web server is prior to 3.3.4. It is, therefore, affected by multiple SQL injection vulnerabilities in '/models/category.php' and '/models/detail.php' due to improper sanitization of user-supplied input of the 'jg_firstorder', 'jg_secondorder' and 'jg_thirdorder' parameters before using it to construct database queries.

A remote attacker can leverage this issue to launch SQL injection attacks against the affected application, leading to discovery of sensitive information and attacks against the underlying database.


Upgrade JoomGallery for Joomla! to version 3.3.4 or greater, or disable and remove the vulnerable plugin.

See Also

Plugin Details

Severity: Medium

ID: 105508

File Name: joomla_joomgallery_334.nasl

Version: $Revision: 1.2 $

Type: remote

Family: CGI abuses

Published: 2018/01/02

Modified: 2018/01/03

Dependencies: 21142

Risk Information

Risk Factor: Medium


Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 6.6

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:joomla:joomla!

Required KB Items: installed_sw/Joomla!, www/PHP

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2017/09/27

Reference Information

OSVDB: 168428