CVE-2019-25748

Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels

CVSS 8.8 HIGHEPSS 0.3%CWE-89

Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the rooms parameter to extract sensitive database information including version details.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

Cmsjunkie · JHotelReservation

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/46234no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://cmsjunkie.com/https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jhotelreservation/https://www.exploit-db.com/exploits/46234 https://www.vulncheck.com/advisories/joomla-jhotelreservation-sql-injection-via-search-hotels