CVE-2017-20263

Joomla! FocalPoint Pro Free 1.2.3 SQL Injection via location

CVSS 8.8 HIGHEPSS 0.3%CWE-89

Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_focalpoint, view=location, and a crafted id parameter containing SQL commands to extract sensitive database information.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

Focalpointx · FocalPoint Pro / Free

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/42530no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://focalpointx.com/http://focalpointx.com/demos/focalpoint-pro https://www.exploit-db.com/exploits/42530 https://www.vulncheck.com/advisories/joomla-focalpoint-pro-free-sql-injection-via-location