Joomla! Component J-BusinessDirectory version 4.9.7.
To protect against this vulnerability, administrators should take the following steps: 46230.rar
Potential for an attacker to escalate privileges and become a database or site administrator. Joomla
The package typically contains the source code or automation scripts required to demonstrate the vulnerability. In this specific case, the SQL injection allows an unauthenticated remote attacker to execute arbitrary SQL commands. including user credentials
Ensure the application validates and sanitizes all user-supplied inputs before they are used in SQL queries.
SQL Injection (SQLi) via the 'type' parameter. Author: Ihsan Sencan. Disclosure Date: January 23, 2019. Platform: PHP-based web applications. Analysis of the Exploit (46230.rar Content)
Complete extraction of the Joomla! database, including user credentials, configuration data, and business directory listings.