SQL Injection Flaw Found in Joomla ‘Com_Mobile’ and Other Components

Learn what other components contain the same vulnerabilities

January 23rd, 2012 09:38 GMT

Researchers from the Vulnerability Lab found a high-risk SQL Injection vulnerability in Joomla’s com_mobile component.

The security flaw discovered in the popular content management system’s (CMS) component allows a remote attacker to inject their own SQL commands into the affected application’s database management system (DBMS).

If the weakness is successfully exploited, a hacker could compromise the DBMS, the website and the application.

Experts from TheCyberNuxbie found the same flaw in other Joomla components such as com_full, com_car and com_sanpham. A number of zero-day LFI vulnerabilities were found in components such as com_boss, com_some, com_bulkequery and com_kp.

All the security holes were identified in the past few days, but for now no information has been provided on workarounds or patches.

Unfortunately, those who found them claim that even some government websites use these components, potentially exposing them to malicious operations.
Joomla administration panel