Info

Last Modified

4 months ago

Percent Complete

25%

Disclosure

Jan 31, 2008

Discovery

Unknown

Dates

Exploit

Jan 31, 2008

Solution

Unknown

This Entry needs help! It is only 25% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Available
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Products

Unknown or Incomplete

References

Milw0rm: 5030
ISS X-Force ID: 40142
CVE ID: 2008-0557 (see also: NVD)
Vendor URL: http://webscripts.softpedia.com/script/Modules/Joomla-Mambo-Modules/CatalogShop-8 ......
http://www.joomla.org/component/option,com_frontpage/Itemid,1/
http://www.mamboserver.com/

Manual Testing Notes

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

2008/02/04 00:00:00 | CVE-2008-0557

from: National Vulnerability Database

SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Views This Week

Views All Time