Recently I’ve been noticing a number of Joomla components with SQL injection issues. These components are not part of the base Joomla platform, but they can put your system at risk if you don’t know about the issues. Joomla developers need to build their own data management protocol for their software so that component developers aren’t running pure SQL statements. This could greatly cut down on the SQL injection issue Joomla is facing.
SQL injection allows a hacker to run SQL statements by modifying POST or GET queries, allowing data in the database to be changed or removed.
Below is a list of Joomla components known to have SQL injection issues.
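To make the point about a data management layer concrete, here is an added example (not code from Joomla or from any component named on this page) that puts a concatenated query next to a small access layer that only accepts bound values. The `invoices` table, the `SafeTable` class and the request value are all hypothetical and constructed for illustration; it assumes PHP 8 with the PDO SQLite driver.

```php
<?php
// Added example: constructed schema and rows, not code from any component listed here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT, total REAL)');
$db->exec("INSERT INTO invoices (owner, total) VALUES ('alice', 120.0), ('bob', 75.5), ('carol', 310.0)");

// Pattern at fault: the request value is pasted into the SQL text,
// so the database parses it as SQL instead of treating it as data.
function findInvoiceUnsafe(PDO $db, string $id): array
{
    $sql = "SELECT id, owner, total FROM invoices WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical data-access layer: component code names a table and passes
// column => value pairs; it never writes SQL text itself.
final class SafeTable
{
    private const ALLOWED = ['invoices' => ['id', 'owner', 'total']];

    public function __construct(private PDO $db) {}

    public function find(string $table, array $where): array
    {
        if (!isset(self::ALLOWED[$table]) || $where === []) {
            throw new InvalidArgumentException('unknown table or empty filter');
        }
        $clauses = [];
        foreach (array_keys($where) as $col) {
            // Identifiers cannot be bound, so they are checked against an allow-list.
            if (!in_array($col, self::ALLOWED[$table], true)) {
                throw new InvalidArgumentException("unknown column: $col");
            }
            $clauses[] = "$col = ?";
        }
        $sql = "SELECT id, owner, total FROM $table WHERE " . implode(' AND ', $clauses);
        $stmt = $this->db->prepare($sql);
        $stmt->execute(array_values($where)); // values travel separately from the SQL text
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

$fromRequest = '1 OR 1=1'; // constructed stand-in for a modified ?id= value
$table = new SafeTable($db);
printf("concatenated: %d rows\n", count(findInvoiceUnsafe($db, $fromRequest)));
printf("bound:        %d rows\n", count($table->find('invoices', ['id' => $fromRequest])));
printf("bound, id=1:  %d rows\n", count($table->find('invoices', ['id' => '1'])));
```

With the concatenated query the modified value changes the WHERE clause and every row comes back; through the access layer the same value is compared as a literal string and matches nothing, while a legitimate id still returns its row.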
Joomla netinvoice
The Joomla netinvoice component version 1.2.0 SP1 suffers from a SQL injection vulnerability.
Joomla jabode
The Joomla jabode component suffers from a remote SQL injection vulnerability.
Joomla beamos petition
The Joomla beamos petition component suffers from a remote SQL injection vulnerability.
Joomla Xe webtv
Joomla Xe webtv component blind SQL injection exploit.
Joomla Facileforms
The Joomla Facileforms component version 1.4.4 suffers from a remote file inclusion vulnerability.