SQL Injection Vulnerabilities in BSQ Sitestats Component for Joomla
CVE-2006-7123

Currently unrated

Key Information:

Vendor: Joomla
Status: Bsq Sitestats
Vendor: CVE Published:; 6 March 2007

Summary

The BSQ Sitestats component for Joomla is susceptible to multiple SQL injection vulnerabilities. These flaws allow attackers to execute arbitrary SQL commands through unspecified parameters during the import of the 'ip-to-country.csv' file and via HTTP headers such as HTTP Referer, HTTP User Agent, and HTTP Accept Language sent to the 'bsqtemplateinc.php' file. Exploiting these vulnerabilities can lead to unauthorized access to sensitive database information and could facilitate further attacks on the Joomla installation.

References

http://www.securityfocus.com/bid/20267

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/29268

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/2360

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Mar 6, 2007
Vulnerability Reserved
Mar 5, 2007