CVE-2014-4960

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-4960
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://packetstormsecurity.com/files/127497/Joomla-Youtube-Gallery-4.1.7-SQL-Injection.html Exploit
http://www.exploit-db.com/exploits/34087 Exploit
http://www.securityfocus.com/bid/68676
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.0:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.2:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.3:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.4:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.5:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.6:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.7:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.8:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.9:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.0:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.1:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.2:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.8:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.9:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.0:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.1:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.2:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.3:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.4:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.5:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.6:*:*:*:*:joomla\!:*:*
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.7:*:*:*:*:joomla\!:*:*
History

No history.

Information

Published : 2014-07-21 14:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-4960

Mitre link : CVE-2014-4960

CVE.ORG link : CVE-2014-4960

JSON object : View

Products Affected

joomlaboat

  • com_youtubegallery
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')