Description
Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques.
Problem types
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
Credits
Teng
References
www.exploit-db.com/exploits/42347 (ExploitDB-42347)
joomboost.com/ (Official Product Homepage)
extensions.joomla.org/...markets/food-a-beverage/joomrecipe/ (Product Reference)
www.vulncheck.com/...t-blind-sql-injection-via-search-author (VulnCheck Advisory: Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author)