Description
Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive information.
Problem types
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
Credits
Ihsan Sencan
References
www.exploit-db.com/exploits/42494 (ExploitDB-42494)
terrywcarter.com/ (Official Product Homepage)
extensions.joomla.org/...tos-a-images/galleries/kissgallery/ (Product Reference)
www.vulncheck.com/...mla-component-kissgallery-sql-injection (VulnCheck Advisory: Joomla! Component KissGallery 1.0.0 SQL Injection)