CVE-2010-5043

Description

SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.

Affected products

• blueconstantmedia / com_djartgallery0.9.1 – 0.9.1

References

• EXPLOIThttp://www.exploit-db.com/exploits/13737/
• MISChttp://www.securityfocus.com/bid/40580
• VENDOR_ADVISORYhttp://secunia.com/advisories/40073
• MISChttp://osvdb.org/65187
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/59142