漏洞信息详情

Joomla! Hotel Booking System组件SQL注入漏洞

漏洞简介

Joomla! Hotel Booking Reservation System(又称HBS或com_hbssearch)组件中存在多个SQL注入漏洞。远程攻击者可以借助提交到longDesc.php的(1)h_id,(2)id和(3)rid参数和到(4)detail.php,(5)detail1.php,(6)detail2.php,(7)detail3.php,(8)detail4.php,(9)detail5.php,(10) detail6.php,(11)detail7.php和(12)detail8.php的h_id参数,执行任意的SQL指令。

漏洞公告

该漏洞在Hotel Booking System 1.5中得到了解决。

参考网址

来源: BID

名称: 36380

链接:http://www.securityfocus.com/bid/36380

来源: BUGTRAQ

名称: 20090914 [ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability

链接:http://www.securityfocus.com/archive/1/archive/1/506444/100/0/threaded

来源: MILW0RM

名称: 9648

链接:http://www.milw0rm.com/exploits/9648

来源: SECUNIA

名称: 33215

链接:http://secunia.com/advisories/33215

来源: MISC

链接:http://e-rdc.org/v1/news.php?readmore=142

受影响实体

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多