Joomla! Extension 'JCK Suite' - 'jckeditor' =< 6.4.4 Privilege Escalation
High Nessus Plugin ID 121255
Synopsis
The remote Joomla! application has a plugin installed that is vulnerable to a SQL injection attack.

Description
The Joomla! application running on the remote host has a version of the 'JCK Suite' - 'jckeditor' extension that is prior to or equal to 6.4.4.
As such, the host is affected by a SQL injection (SQLi) vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data.

Solution
Update the 'JCK Suite' - 'jckeditor' extension through the administrative dashboard.