Sql injection

2010-04-1919:30:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.7%

JSON

SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php.

CPENameOperatorVersion
com_mv_restaurantmenumanagerle1.5.2

CPE	Name	Operator	Version
	com_mv_restaurantmenumanager	le	1.5.2

References

packetstormsecurity.org/1004-exploits/joomlamvrmm-sql.txt

secunia.com/advisories/39217

www.securityfocus.com/bid/39382

www.xenuser.org/documents/security/joomla_com_MVRMM_sql.txt

www.exploit-db.com/exploits/12159