CVE-2011-4823
Published 2011-12-15
Priority P344, high, 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.02% (59.1th percentile)
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| extensionsforjoomla | com_vikrealestate | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Vik Real Estate 1.0 - Multiple SQL Injections
exploitdb·2012-01-21
---
source: https://www.securityfocus.com/bid/51617/info
The 'com_sanpham' component for Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/index.php?option=com_sanpham&view=sanpham&kindid=[SQLi]
http://www.example.com/index.php?option=com_sanpham&view=product&task=detail&modelsid=1&cid=[SQLi]
http://www.example.com/index.php?option=com_sanpham&view=product&modelsid=[SQLi]
http://www.example.com/index.php?option=com_sanpham&view=product&m
Exploit-DB
Joomla! Component Vik Real Estate 1.0 - Multiple Vulnerabilities
exploitdb·2011-10-29
---
###################################################################
Vik Real Estate 1.0 Component Joomla Multiple Blind Sql Injection
###################################################################
Release Date Bug. 27-Oct-2011
Date Added. 30-Sep-2011
Vendor Notification Date. Never
Product. Vik Real Estate
Platform. Joomla
Affected versions. 1.0
Type. Commercial
Price. 69.00
Attack Vector. Blind Sql Injection
Solution Status. unpublished
CVE reference. Not yet assigned
Download http://www.extensionsforjoomla.com/vik-real-estate/joomla-extensions/vik-real-estate?vmcchk=1
I. BACKGROUND
Extension to manage real estates with details and description.
Main Functions:
- Manage Types of Contract (rental, selling, etc.)
No writeups or analysis indexed.