SQL Injection Vulnerability in JS Autoz Component for Joomla!
CVE-2018-6006

9.8CRITICAL

Key Information:

Vendor: Joomsky
Status: Js Autoz
Vendor: CVE Published:; 17 February 2018

Summary

A security flaw in the JS Autoz component version 1.0.9 for Joomla! allows attackers to execute arbitrary SQL commands through unsanitized user input in parameters such as vtype, pre, or prs. This vulnerability can lead to unauthorized access to sensitive data and manipulation of the database, jeopardizing the integrity of affected systems.

References

https://exploit-db.com/exploits/44119

exploitx_refsource_EXPLOIT-DB

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2018
Vulnerability Reserved
Jan 22, 2018