Joomla! Commedia Component "id" SQL Injection Vulnerability

by Carol~ Moderator - 10/24/12 12:20 PM

In Reply to: VULNERABILITIES / FIXES - October 24, 2012 by Carol~ Moderator

Release Date : 2012-10-24

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: Commedia 3.x (component for Joomla!)

Description:
A vulnerability has been reported in the Commedia component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "id" parameter to index.php (when "option" is set to "com_commedia" and "task" is set to"down") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 3.1. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Daniel Barragan "D4NB4R"

Original Advisory:
http://www.exploit-db.com/exploits/22152/

http://secunia.com/advisories/51076/