CVE-2014-4960

Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/127497/Joomla-Youtube-Gallery-4.1.7-SQL-Injection.html	Exploit
http://www.exploit-db.com/exploits/34087	Exploit
http://www.securityfocus.com/bid/68676
http://packetstormsecurity.com/files/127497/Joomla-Youtube-Gallery-4.1.7-SQL-Injection.html	Exploit
http://www.exploit-db.com/exploits/34087	Exploit
http://www.securityfocus.com/bid/68676

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.0:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.2:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.3:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.4:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.5:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.6:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.7:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.8:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.9:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.0:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.1:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.2:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.8:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.9:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.0:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.1:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.2:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.3:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.4:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.5:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.6:::::joomla\!::
	cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.7:::::joomla\!::

History

21 Nov 2024, 02:11

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/127497/Joomla-Youtube-Gallery-4.1.7-SQL-Injection.html - Exploit~~	() http://packetstormsecurity.com/files/127497/Joomla-Youtube-Gallery-4.1.7-SQL-Injection.html - Exploit
References	~~() http://www.exploit-db.com/exploits/34087 - Exploit~~	() http://www.exploit-db.com/exploits/34087 - Exploit
References	~~() http://www.securityfocus.com/bid/68676 -~~	() http://www.securityfocus.com/bid/68676 -

Information

Published : 2014-07-21 14:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-4960

Mitre link : CVE-2014-4960

CVE.ORG link : CVE-2014-4960

JSON object : View

Products Affected

joomlaboat

com_youtubegallery

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.5 /10