Description
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice views to extract sensitive database information.
Problem types
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
Credits
Ihsan Sencan
References
www.exploit-db.com/exploits/42552 (ExploitDB-42552)
www.weborange.eu/ (Official Product Homepage)
www.weborange.eu/...xtensions-vm3/bargain-product-vm3-detail (Product Reference)
www.vulncheck.com/...onent-bargain-product-vm3-sql-injection (VulnCheck Advisory: Joomla! Component Bargain Product VM3 1.0 SQL Injection)