Joomla! PrayerCenter 3.0.2 SQL Injection

🗓️ 23 Feb 2018 00:00:00Reported by Ihsan SencanType

packetstorm🔗 packetstormsecurity.com👁 40 Views

Joomla! PrayerCenter 3.0.2 SQL Injection on Componen

Reporter	Title	Published	Views	Family All 12
0day.today	Joomla PrayerCenter 3.0.2 Component - sessionid SQL Injection Vulnerability	22 Feb 201800:00	–	zdt
CNVD	Joomla! PrayerCenter SQL Injection Vulnerability	24 Feb 201800:00	–	cnvd
CVE	CVE-2018-7314	22 Feb 201819:00	–	cve
Cvelist	CVE-2018-7314	22 Feb 201819:00	–	cvelist
Exploit DB	Joomla! Component PrayerCenter 3.0.2 - 'sessionid' SQL Injection	22 Feb 201800:00	–	exploitdb
exploitpack	Joomla! Component PrayerCenter 3.0.2 - sessionid SQL Injection	22 Feb 201800:00	–	exploitpack
Joomla! Vulnerable Extensions List	PrayerCenter,3.0.2,SQL Injection	6 Mar 201800:00	–	joomla
Nuclei	Joomla! Component PrayerCenter 3.0.2 - SQL Injection	1 Jun 202605:38	–	nuclei
NVD	CVE-2018-7314	22 Feb 201819:29	–	nvd
Packet Storm	Joomla PrayerCenter 3.0.4 Database Disclosure / SQL Injection	14 Feb 201900:00	–	packetstorm

`# # # #  
# Exploit Title: Joomla! Component PrayerCenter 3.0.2 - SQL Injection  
# Dork: N/A  
# Date: 22.02.2018  
# Vendor Homepage: http://www.mlwebtechnologies.com/  
# Software Link: https://extensions.joomla.org/extensions/extension/living/religion/prayercenter/  
# Software Download: http://mlwebtechnologies.github.io/PrayerCenter/  
# Software Download: https://github.com/MLWebTechnologies/PrayerCenter/releases/download/3.0.2/PrayerCenter302Unzip1st.zip  
# Version: 3.0.2  
# Category: Webapps  
# Tested on: WiN7_x64/KaLiLinuX_x64  
# CVE: CVE-2018-7314  
# # # #  
# Exploit Author: Ihsan Sencan  
# # # #  
#   
# POC:   
#   
# 1)  
# http://localhost/[PATH]/index.php?option=com_prayercenter&task=confirm&id=1&sessionid=[SQL]  
#   
# # # #  
`

23 Feb 2018 00:00Current

9.2High risk

Vulners AI Score9.2

EPSS0.90805