Extension - hikashop.com - SQLi in HikaShop component for Joomla <= 4.7.2
CVE-2023-38044

9.8CRITICAL

Key Information:

Vendor: Hikashop.com
Status: Hikashop Component For Joomla
Vendor: CVE Published:; 7 August 2023

🔔 Create Hikashop.com Vulnerability Alert

What is CVE-2023-38044?

An SQL Injection vulnerability exists in HikaShop, developed by HikaTeam, which is caused by improper neutralization of special elements within SQL commands. This flaw allows attackers to manipulate SQL queries and potentially gain unauthorized access to sensitive data. Websites running HikaShop versions 4.4.1 to 4.7.2 are at risk, making it crucial for administrators to update their installations to avoid exploitation.

Affected Version(s)

HikaShop component for Joomla 4.0.0-4.7.2

References

https://www.hikashop.com/support/documentation/56-hikasho...

vendor-advisory

https://extensions.joomla.org/vulnerable-extensions/resol...

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Jul 12, 2023

Credit

Vishal Saini and Siva Pothuluru S (Team Payatu)