Virsec Security Research Lab Vulnerability Report
The Virsec Security Research Lab, helmed by Virsec CTO, Satya Gupta, provides timely, relevant analysis about prevalent security vulnerabilities.
1.1 Vulnerability Summary
An SQL injection vulnerability exists in jDownloads 3.2.63 for Joomla, in the file com_jdownloads/models/send.php, via the f_marked_files_id parameter. The affected code within com_jdownloads/models/send.php has not been identified. Manipulating the f_marked_files_id argument, which is passed as part of a request parameter, leads to a SQL injection. An attacker might be able to inject and/or alter existing SQL statements, which would influence the exchange with the database.
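The page does not show the affected code, so the following is an added illustrative example, not jDownloads' or Joomla's own code. It contrasts the general defect class described above (a list of ids taken from a request parameter and spliced into the SQL text) with a hardened equivalent that coerces the ids to positive integers and binds them as placeholders. The table and column names (files, file_id, file_title), the function names, and the sample request values are all assumptions constructed for the example; it uses an in-memory SQLite database through PDO so it runs stand-alone with the php CLI.

```php
<?php
// Added example (not the jDownloads component's code): unsafe vs. hardened
// handling of a request parameter that carries a list of file ids.
// Run with: php sqli_example.php  (needs the pdo_sqlite extension)
declare(strict_types=1);

// Constructed sample schema and rows; table and column names are placeholders.
function makeSampleDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE files (file_id INTEGER PRIMARY KEY, file_title TEXT)');
    $stmt = $pdo->prepare('INSERT INTO files (file_id, file_title) VALUES (?, ?)');
    foreach ([[3, 'manual.pdf'], [7, 'readme.txt'], [9, 'private.zip']] as $row) {
        $stmt->execute($row);
    }
    return $pdo;
}

// UNSAFE pattern: raw request values are concatenated into the statement,
// so whatever the client sends becomes part of the SQL text itself.
function buildMarkedFilesQueryUnsafe(array $rawIds): string
{
    return 'SELECT file_id, file_title FROM files WHERE file_id IN ('
        . implode(',', $rawIds) . ')';
}

// Hardened step 1: keep only values that are positive integers written as
// plain digits. Anything else (letters, spaces, punctuation, signs) is dropped.
function normaliseFileIds(array $rawIds): array
{
    $ids = [];
    foreach ($rawIds as $value) {
        if (is_int($value)) {
            $candidate = $value;
        } elseif (is_string($value) && ctype_digit($value)) {
            $candidate = (int) $value;
        } else {
            continue; // not an id at all; discard silently
        }
        if ($candidate > 0) {
            $ids[] = $candidate;
        }
    }
    return array_values(array_unique($ids));
}

// Hardened step 2: bind the surviving ids as placeholders, one per id.
// Data is handed to the driver separately and never becomes SQL text.
function fetchMarkedFiles(PDO $pdo, array $rawIds): array
{
    $ids = normaliseFileIds($rawIds);
    if ($ids === []) {
        return [];
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare(
        "SELECT file_id, file_title FROM files WHERE file_id IN ($placeholders)"
    );
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request input standing in for a submitted f_marked_files_id list.
$requestIds = ['3', '7', 'abc'];

echo 'Unsafe SQL text: ' . buildMarkedFilesQueryUnsafe($requestIds) . PHP_EOL;
echo 'Ids kept after normalisation: ' . implode(',', normaliseFileIds($requestIds)) . PHP_EOL;
foreach (fetchMarkedFiles(makeSampleDb(), $requestIds) as $row) {
    echo $row['file_id'] . ': ' . $row['file_title'] . PHP_EOL;
}
```

The unsafe builder prints the non-numeric value straight into the SQL text, which is the property an injection relies on; the hardened path drops it before the query is built and passes the remaining ids through bound parameters. In a Joomla extension the same two steps map onto casting the input to integers and using the database API's quoting or binding rather than string concatenation.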
1.2 CVSS Score
The CVSS Base Score is 7.5 (High)
1.3 Affected Version
Joomla’s jDownloads version 3.2.63.
1.4 Vulnerability Attribution
Anonymous
1.5 Risk Impact
No active exploits are available for this vulnerability at this time. Joomla is a very popular website development and content management system written in PHP. According to w3techs, it is used to host over 2 million websites. Over 8,000 free and commercial extensions are available from the official Joomla Extensions Directory. As of 2019, it was estimated to be the fourth most used content management system on the Internet, after WordPress and Drupal.
1.6 Virsec Security Platform (VSP) Support
VSP-Web can detect such a SQL injection based attack and keep it from being exploited.
1.7 Reference Links
The post CVE-2020-19447: SQL Injection on Joomla’s jDownloads component appeared first on Virsec Systems.
This is a Security Bloggers Network syndicated blog from Blog – Virsec Systems authored by Satya Gupta. Read the original post at: https://virsec.com/cve-2020-19447-sql-injection-joomla-jdownloads-component/

