CVE-2008-5865 – Joomla! Component 5starhotels - SQL Injection

https://notcve.org/view.php?id=CVE-2008-5865

SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php. Vulnerabilidad de Inyección SQL en el componente com_hbssearch v1.0 en Hotel Booking Reservation System (alias HBS) v1.0.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro r_type en la acción showhoteldetails para index.php • https://www.exploit-db.com/exploits/7575 https://www.exploit-db.com/exploits/7538 https://www.exploit-db.com/exploits/7567 https://www.exploit-db.com/exploits/7539 http://secunia.com/advisories/33215 http://securityreason.com/securityalert/4870 http://www.securityfocus.com/bid/32951 https://exchange.xforce.ibmcloud.com/vulnerabilities/47539 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •