Description
Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath parameters to extract sensitive database information.
Problem types
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
Credits
Ihsan Sencan
References
www.exploit-db.com/exploits/42415 (ExploitDB-42415)
www.vulncheck.com/...essional-sql-injection-via-learningpath (VulnCheck Advisory: Joomla LMS King Professional 3.2.4.0 SQL Injection via learningpath)