Joomla YJ Filter for K2 extension version 1.0.5 suffers from a remote SQL injection vulnerability.
c58cd8c7c84d70f3afa2210813c82ad4################################################
#Title: Joomla YJ Filter for K2 1.0.5 Module SQL Injection
#Credit: Bilal KARDADOU
#Vendor: http://www.youjoomla.com
#URL:
https://extensions.joomla.org/extensions/extension/extension-specific/k2-extensions/yj-filter-for-k2/
#Product: 'Joomla YJ Filter for K2 version 1.0.5'
#Extension type: Module
#Developer: Stefan Stojanovic
#Last updated: Apr 19 2017
#Date added: Nov 19 2014
#Compatibility: J2.5 - J3.X
#Type: Paid download
#Extension type: Module
#Google Dork: N/A
################################################
#
# Product & Service Introduction:
#
# YJ K2 filter also has its own K2 view which makes it easier for you to
adjust the search results template. YJ K2 filter is using K2 search/date (
generic ) settings from Layout & view options for Search & Date listings in
K2 parameters Layout and View tab.
#
# GET -p [value]
#
http://127.0.0.1/joomla/modules/mod_yjk2filter/helpers/actions/get_extra_fields_form.php?field_name=YJK2FilterExtraField_1&value=1[SQL]&group=1&multiple=0&Itemid=101
#
#
# PoC:
# https://prnt.sc/hsj1b2
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################