Vulnerability Description
Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| J2Store | J2Store | <= 3.1.6 |
Related Weaknesses (CWE)
References
- http://j2store.org/download-j2store/j2store-v3-3-1-7.html (Patch, Vendor Advisory)
- http://packetstormsecurity.com/files/132658/Joomla-J2Store-3.1.6-SQL-Injection.h (Exploit)
- http://volatileminds.net/2015/07/07/j2store-316-sql-injection.html
FAQ
What is CVE-2015-6513?
CVE-2015-6513 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_i...
How severe is CVE-2015-6513?
CVE-2015-6513 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-6513?
Check the references section above for vendor advisories and patch information. Affected products include: J2Store J2Store.