Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5099

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-5099
Last Modified 03 Jan 2013 11:33:46
Published 14 Aug 2012 06:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-5099

Summary

SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

Vulnerable Systems

Application

  • Chillcreations Mod Ccnewsletter 1.0.7

  • Chillcreations Mod Ccnewsletter 1.0.8

  • Chillcreations Mod Ccnewsletter 1.0.9


References

BID - 53208

CONFIRM - http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html

SECUNIA - 48934

MISC - http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html

XF - modccnewsletter-popup-sql-injection(75112)


Last Updated: 27 May 2016 10:51:40