Vulnerability Description
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cwjoomla | Cw Article Attachments Free | < 1.0.6 |
| Cwjoomla | Cw Article Attachments Pro | < 2.0.7 |
Related Weaknesses (CWE)
References
- http://www.cwjoomla.com/download-cw-article-attachmentsVendor Advisory
- https://www.exploit-db.com/exploits/45447/ExploitThird Party AdvisoryVDB Entry
- http://www.cwjoomla.com/download-cw-article-attachmentsVendor Advisory
- https://www.exploit-db.com/exploits/45447/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-14592?
CVE-2018-14592 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
How severe is CVE-2018-14592?
CVE-2018-14592 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-14592?
Check the references section above for vendor advisories and patch information. Affected products include: Cwjoomla Cw Article Attachments Free, Cwjoomla Cw Article Attachments Pro.