BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Joomla! 'se_regs[]' Parameter SQL Injection

Disclosed May 6, 2013    Fully Patched

Vulnerability Description:

The DJ Classifieds Joomla! extension (version 2.3.3 and earlier) contains a blind SQL injection vulnerability in the se_regs[] parameter. An attacker can use it to query the database, potentially gaining access to sensitive information stored there.

Vendors:

Joomla! DJ Classifieds Extension

Vulnerable Software/Devices:

Joomla! DJ Classifieds Extension 2.3.3 and earlier versions.

Vulnerability Severity:

Medium

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 19084 - Joomla! 'se_regs[]' Parameter SQL Injection
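
A log-side check that complements the scanner audit, given as an added example (it is not BeyondTrust's or the extension's code): it scans combined-format web access logs for se_regs[] values that fail an allow-list. The allow-list (plain integer IDs), the log format and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption (not stated in the advisory): legitimate se_regs[] values are
# plain integer IDs. Adjust ALLOWED if your site uses another format.
ALLOWED = re.compile(r"\d+")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Matches se_regs[], se_regs[0], ... once the name is percent-decoded.
PARAM = re.compile(r"se_regs\[[^\]]*\]")


def suspicious_se_regs(line):
    """Return the decoded se_regs[] values in one log line that fail ALLOWED."""
    m = REQUEST.search(line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    # parse_qsl percent-decodes names and values, so se_regs%5B%5D is covered.
    pairs = parse_qsl(query, keep_blank_values=True)
    return [v for k, v in pairs
            if PARAM.fullmatch(k) and v and not ALLOWED.fullmatch(v)]


def scan(lines):
    """Return (line_number, client_ip, bad_values) for each flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_se_regs(line)
        if bad:
            hits.append((n, line.split(" ", 1)[0], bad))
    return hits


# Constructed sample lines (documentation IP ranges, made-up requests).
SAMPLE = [
    '192.0.2.10 - - [06/May/2013:10:00:01 +0000] "GET /index.php?se_regs[]=12&se_regs[]=7 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/May/2013:10:00:05 +0000] "GET /index.php?se_regs%5B%5D=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [06/May/2013:10:00:09 +0000] "GET /index.php?id=3 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, ip, bad in scan(SAMPLE):
        print(f"line {n}: {ip} sent non-numeric se_regs[] value(s): {bad}")
```

Parameters sent in a POST body do not appear in access logs, so an empty result does not rule out probing.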

Mitigation:

Update your DJ Classifieds installation to v2.3.4.

Links:

CVE(s):

None
