Short Name |
HTTP:SQL:INJ:SELECT-CONCAT-STAT |
---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Select Concat statement Possible SQL Injection Obfuscation |
Release Date |
2015/06/09 |
Update Number |
2503 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit Select Concat statement SQL Injection vulnerability. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.