Vulnerabilities > CVE-2007-0373 - SQL Injection vulnerability in Joomla 1.5.0Beta
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
joomla
Summary
Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/54195/joomla150beta-sql.txt |
| id | PACKETSTORM:54195 |
| last seen | 2016-12-05 |
| published | 2007-02-06 |
| reporter | Omid |
| source | https://packetstormsecurity.com/files/54195/joomla150beta-sql.txt.html |
| title | joomla150beta-sql.txt |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
- http://osvdb.org/32527
- http://osvdb.org/32528
- http://osvdb.org/32529
- http://osvdb.org/32530
- http://osvdb.org/32531
- http://osvdb.org/32532
- http://osvdb.org/32533
- http://www.hackers.ir/advisories/festival.txt
- http://www.securityfocus.com/archive/1/459203/100/0/threaded
- http://www.securityfocus.com/bid/22122