Vulnerability Description
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joomlahbs | Com 5Starhotels | _nil_ |
| Joomlahbs | Com Allhotels | _nil_ |
| Joomlahbs | Hotel Booking Reservation System | _nil_ |
| Joomla | Joomla | All versions |
Related Weaknesses (CWE)
References
- http://downloads.securityfocus.com/vulnerabilities/exploits/32952.plExploit
- http://www.securityfocus.com/bid/32952Exploit
- https://www.exploit-db.com/exploits/7568
- https://www.exploit-db.com/exploits/7575
- http://downloads.securityfocus.com/vulnerabilities/exploits/32952.plExploit
- http://www.securityfocus.com/bid/32952Exploit
- https://www.exploit-db.com/exploits/7568
- https://www.exploit-db.com/exploits/7575
FAQ
What is CVE-2008-5874?
CVE-2008-5874 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails...
How severe is CVE-2008-5874?
CVE-2008-5874 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5874?
Check the references section above for vendor advisories and patch information. Affected products include: Joomlahbs Com 5Starhotels, Joomlahbs Com Allhotels, Joomlahbs Hotel Booking Reservation System, Joomla Joomla.