Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Joomla
  • Joomla\!
Jextn
  • Com Jefaqpro

Configuration 1 [-]

AND
cpe:2.3:a:jextn:com_jefaqpro:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/41078 Vendor Advisory
http://www.exploit-db.com/exploits/14846 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/61485
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-03T17:12:00

Updated: 2017-08-16T14:57:01

Reserved: 2010-09-03T00:00:00

Link: CVE-2010-3211

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2010-09-03T18:00:04.577

Modified: 2017-08-17T01:32:56.133

Link: CVE-2010-3211

JSON object: View

cve-icon Redhat Information

No data.

CWE