3 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inyección SQL en el componente para Joomla! Live Chat v1.0 (com_livechat), permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "last" a getChatRoom.php. • https://www.exploit-db.com/exploits/7441 http://secunia.com/advisories/33122 http://www.securityfocus.com/bid/32803 https://exchange.xforce.ibmcloud.com/vulnerabilities/47304 https://exchange.xforce.ibmcloud.com/vulnerabilities/52442 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php. Vulnerabilidad de inyección múltiple SQL en el componente Live Chat (com_livechat) para Joomla! permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a través de los últimos parámetro para (1) getChat.php, (2) getChatRoom.php, y (3) getSavedChatRooms.php. • https://www.exploit-db.com/exploits/7441 http://secunia.com/advisories/33122 http://www.securityfocus.com/bid/32803 https://exchange.xforce.ibmcloud.com/vulnerabilities/47304 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. Componente Live Chat (com_livechat) v1.0 para Joomla! permite a los atacantes remotos usar la secuencia de comandos xmlhttp.php como un proxy HTTP abierto para esconder una actividad de escaner de la red o un escaner de redes internas a través de una petición GET con una URL completa en la pregunta. • https://www.exploit-db.com/exploits/7441 http://www.securityfocus.com/bid/32803 https://exchange.xforce.ibmcloud.com/vulnerabilities/47305 • CWE-20: Improper Input Validation •