2 results (0.001 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 3

SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente Aardvertiser (com_aardvertiser) v2.1 y v2.1.1 para Joomla! que permite a atacantes remotos ejecutar comandos SQL a través del parámetro cat_name en una acción de index.php. • https://www.exploit-db.com/exploits/14922 http://secunia.com/advisories/41293 http://www.exploit-db.com/exploits/14922 http://www.securityfocus.com/bid/43014 http://www.vupen.com/english/advisories/2010/2310 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 3.6EPSS: 0%CPEs: 2EXPL: 0

The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. El componente Aardvertiser en versiones anteriores a la v2.2.1 de Joomla! utiliza permisos inseguros (777) en carpetas sin especificar, lo que permite a usuarios locales modificar, crear o borrar determinados ficheros. • http://secunia.com/advisories/40882 http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365 http://www.osvdb.org/66924 http://www.securityfocus.com/bid/42239 https://exchange.xforce.ibmcloud.com/vulnerabilities/60927 • CWE-264: Permissions, Privileges, and Access Controls •