Researchers from Vulnerability Lab have found a high-risk SQL injection vulnerability in the Joomla com_mobile component (a third-party extension, not part of the Joomla core). The flaw allows a remote attacker to inject their own SQL commands into the database management system (DBMS) behind the affected application. If successfully exploited, it could compromise the DBMS, the website and the application itself.
Experts from TheCyberNuxbie found the same class of flaw in other Joomla components, including com_full, com_car and com_sanpham. A number of zero-day local file inclusion (LFI) vulnerabilities were also found in components such as com_boss, com_some, com_bulkequery and com_kp. All of the security holes were identified in the past few days, and for now no workarounds or patches have been published.
Unfortunately, the researchers who found them claim that even some government websites use these components, potentially exposing them to attack.
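To make the two bug classes concrete, here is an added illustration in the shape a Joomla component typically takes. It is not code from com_mobile or from any other component named above, and the component, table and parameter names in it (com_example, #__example_items, id, view) are hypothetical; the Joomla API calls (JInput, JDatabase, JPATH_COMPONENT) are real.

```php
<?php
// Added illustration, not code from any of the components named in the article.
// Shows the two bug classes the advisories describe (SQL injection and local
// file inclusion) as they typically appear in a Joomla component, each next to
// its hardened form. Component, table and parameter names are hypothetical.

// --- SQL injection ----------------------------------------------------------

// Vulnerable: a request parameter is concatenated straight into the query.
// A value such as  1 OR 1=1  or  1 UNION SELECT username,password FROM #__users
// is executed as SQL by the site's database.
function getItemVulnerable(JDatabase $db, array $request)
{
    $id = $request['id'];
    $db->setQuery("SELECT * FROM #__example_items WHERE id = " . $id);
    return $db->loadObject();
}

// Hardened: read the parameter through JInput with a type filter so it can only
// ever be an integer, build the query with the query builder, and cast again
// where the value is placed into SQL.
function getItemHardened(JDatabase $db, JInput $input)
{
    $id = $input->getInt('id', 0);
    $query = $db->getQuery(true)
        ->select('*')
        ->from($db->quoteName('#__example_items'))
        ->where($db->quoteName('id') . ' = ' . (int) $id);
    $db->setQuery($query);
    return $db->loadObject();
}

// --- Local file inclusion ---------------------------------------------------

// Vulnerable: a request parameter chooses which file is included. A value such
// as  ../../../../configuration.php  makes the web server process read (and,
// for PHP files, execute) files the component never intended to expose.
function loadViewVulnerable(array $request)
{
    $view = $request['view'];
    include JPATH_COMPONENT . '/views/' . $view . '/view.php';
}

// Hardened: accept only a bare name from a fixed allow-list, never a path.
// getCmd() strips everything but [A-Za-z0-9_.-], and the allow-list check
// rejects anything the component does not actually ship.
function loadViewHardened(JInput $input)
{
    $allowed = array('list', 'item');
    $view = $input->getCmd('view', 'list');
    if (!in_array($view, $allowed, true)) {
        throw new InvalidArgumentException('Unknown view: ' . $view);
    }
    include JPATH_COMPONENT . '/views/' . $view . '/view.php';
}
```

When auditing a site that runs any of the components named above, the quickest check is to look for request values (`$_GET`, `$_POST`, `JRequest::getVar`, `$input->get`) that reach `setQuery()`, `include` or `require` without an integer cast, `quote()` or an allow-list in between. Until the vendors publish patches, disabling or removing the affected component is the only reliable mitigation; web-server rules that block `../` or `UNION` in query strings reduce exposure but are easy to bypass.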