Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/127497/Joomla-Youtube-Gallery-4.1.7-SQL-Injection.html - Exploit | |
References | () http://www.exploit-db.com/exploits/34087 - Exploit | |
References | () http://www.securityfocus.com/bid/68676 - |
Information
Published : 2014-07-21 14:55
Updated : 2025-04-12 10:46
NVD link : CVE-2014-4960
Mitre link : CVE-2014-4960
CVE.ORG link : CVE-2014-4960
JSON object : View
Products Affected
joomlaboat
- com_youtubegallery
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')