Vulnerability Description
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
CVSS Score
6.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blueconstantmedia | Com Djcatalog | All versions |
| Joomla | Joomla | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/36696 (Vendor Advisory)
- http://www.design-joomla.eu/joomla-news/dj-catalog-sql-bsql-injection-multiple-v
- http://www.exploit-db.com/exploits/9693
- http://www.securityfocus.com/bid/36412 (Exploit)
FAQ
What is CVE-2009-3661?
CVE-2009-3661 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action an...
How severe is CVE-2009-3661?
CVE-2009-3661 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3661?
Check the references section above for vendor advisories and patch information. Affected products include: Blueconstantmedia Com Djcatalog, Joomla Joomla.