SQL Injection Vulnerability in Joomla! 3.7

Discussion in 'Site Security & Legal Issues' started by Feeder, May 17, 2017 at 1:13 PM.

  1. Feeder


    During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability is easy to exploit and doesn’t require a privileged account on the victim’s site.

    Are You at Risk?

    The vulnerability is caused by a new component, com_fields, which was introduced in version 3.7. If you use this version, you are affected and should update as soon as possible. This vulnerable component is publicly accessible, which means this issue can be exploited by any malicious individual visiting your site.

    Continue reading SQL Injection Vulnerability in Joomla! 3.7 at Sucuri Blog.
