CVE-2008-1427

Description

SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.

Affected products

• joobi / acajoom1.1.5 – 1.1.5
• joobi / acajoom1.2.5 – 1.2.5
• Joomla! / com_acajoom1.1.5 – 1.1.5
• Joomla! / com_acajoom1.2.5 – 1.2.5

References

• EXPLOIThttps://www.exploit-db.com/exploits/5273
• MISChttp://www.securityfocus.com/bid/28305
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/41290
• VENDOR_ADVISORYhttp://secunia.com/advisories/29429