Lucene search

[email protected]CVE-2018-25067

HistoryJan 06, 2023 - 9:15 p.m.

CVE-2018-25067

2023-01-0621:15:09

CWE-89

[email protected]

web.nvd.nist.gov

cve-2018-25067

joomgallery

sql injection

upgrade

vulnerability

nvd

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.1%

JSON

A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The identifier of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability.

Affected configurations

Vulners

NVD

Node

joomgallery_projectjoomgalleryMatch3.3.0

joomgallery_projectjoomgalleryMatch3.3.1

joomgallery_projectjoomgalleryMatch3.3.2

joomgallery_projectjoomgalleryMatch3.3.3

VendorProductVersionCPE
joomgallery_projectjoomgallery3.3.0cpe:2.3:a:joomgallery_project:joomgallery:3.3.0:*:*:*:*:*:*:*
joomgallery_projectjoomgallery3.3.1cpe:2.3:a:joomgallery_project:joomgallery:3.3.1:*:*:*:*:*:*:*
joomgallery_projectjoomgallery3.3.2cpe:2.3:a:joomgallery_project:joomgallery:3.3.2:*:*:*:*:*:*:*
joomgallery_projectjoomgallery3.3.3cpe:2.3:a:joomgallery_project:joomgallery:3.3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joomgallery_project	joomgallery	3.3.0	cpe:2.3:a:joomgallery_project:joomgallery:3.3.0:::::::*
joomgallery_project	joomgallery	3.3.1	cpe:2.3:a:joomgallery_project:joomgallery:3.3.1:::::::*
joomgallery_project	joomgallery	3.3.2	cpe:2.3:a:joomgallery_project:joomgallery:3.3.2:::::::*
joomgallery_project	joomgallery	3.3.3	cpe:2.3:a:joomgallery_project:joomgallery:3.3.3:::::::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "JoomGallery",
    "versions": [
      {
        "version": "3.3.0",
        "status": "affected"
      },
      {
        "version": "3.3.1",
        "status": "affected"
      },
      {
        "version": "3.3.2",
        "status": "affected"
      },
      {
        "version": "3.3.3",
        "status": "affected"
      }
    ],
    "modules": [
      "Image Sort Handler"
    ]
  }
]

References

github.com/JoomGallery/JoomGallery/commit/dc414ee954e849082260f8613e15a1c1e1d354a1

github.com/JoomGallery/JoomGallery/pull/122

github.com/JoomGallery/JoomGallery/releases/tag/v3.3.4

vuldb.com/?ctiid.217569

vuldb.com/?id.217569

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.1%

JSON

Related for CVE-2018-25067

nvd1 cvelist1 osv1 prion1