Joomla Jtag Members Directory 5.3.7 SQL Injection

Joomla Jtag Members Directory component version 5.3.7 suffers from a remote SQL injection vulnerability.


MD5 | daf5446c9e3515dd656f602a3801b089

################################################
#Title: Joomla Jtag Members Directory 5.3.7 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: https://joomlatag.com
#URL:
https://extensions.joomla.org/extensions/extension/clients-a-communities/members-lists/jtag-members-directory/
#Product: 'Joomla Jtag Members Directory 5.3.7'
#Developer: JoomlaTag
#Last updated: Jun 19 2017
#Compatibility: 3.X
#Type: Paid download
################################################
#
# Description:
# JTag Member Directory extension helps in the management of user profiles
with the ability to publish member information in a simple searchable
directory.
# This extension is great for Non-profits, clubs, local chapters or Board
member websites.
#
# GET -p [customtext]
# [name]
# [country]
# [state]
# [city]
# [phone_no]
#
#
http://demos.joomlatag.com/jtag-membersdirectory/index.php?option=com_jtagmembersdirectory&format=raw&customtext=&name=dean
"&country=&state=&city=&phone_no=
#
# PoC:
# https://prnt.sc/hu107i
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

Related Posts