Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-4838

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2010-4838
Last Modified 13 Feb 2012 11:02:23
Published 13 Sep 2011 10:56:38
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2010-4838

Summary

SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.

Vulnerable Systems

Application

  • Extensiondepot Com Jsupport 1.5.6


References

MISC - http://www.xenuser.org/documents/security/Joomla_com_jsupport_SQLi.txt

EXPLOIT-DB - 15502

SECUNIA - 42262

MISC - http://packetstormsecurity.org/files/view/95797/joomlajsupport-sql.txt

SREASON - 8379


Last Updated: 27 May 2016 10:57:24