← back
CVE-2017-20269

Joomla! Component KissGallery 1.0.0 SQL Injection

CVSS 8.8 HIGHEPSS 0.3%CWE-89
Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Terrywcarter · KissGallery
public PoCs found1
cve_referencewww.exploit-db.com/exploits/42494unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/kissgallery/https://www.exploit-db.com/exploits/42494https://www.vulncheck.com/advisories/joomla-component-kissgallery-sql-injectionhttp://terrywcarter.com/