Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:SQL:INJ:SELECT-CONCAT-STAT
Severity	Minor
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Select Concat statement Possible SQL Injection Obfuscation
Release Date	2015/06/09
Update Number	2503
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Select Concat statement Possible SQL Injection Obfuscation

This signature detects attempts to exploit Select Concat statement SQL Injection vulnerability. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Extended Description

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.

Affected Products

Joomla joomla! 3.5.0
Joomla joomla! 3.5.1
Joomla joomla! 3.6.0
Joomla joomla! 3.6.1
Joomla joomla! 3.6.2
Joomla joomla! 3.6.3
Joomla joomla! 3.6.4
Joomla joomla! 3.6.5
Joomla joomla! 3.7.0
Joomla joomla! 3.7.1
Joomla joomla! 3.7.2
Joomla joomla! 3.7.3
Joomla joomla! 3.7.4
Joomla joomla! 3.7.5
Joomla joomla! 3.8.0
Joomla joomla! 3.8.1
Joomla joomla! 3.8.2
Joomla joomla! 3.8.3
Joomla joomla! 3.8.4
Joomla joomla! 3.8.5

References

BugTraq: 58754
CVE: CVE-2013-3522
CVE: CVE-2018-8045
URL: https://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
URL: https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnerability.html
URL: http://www.zempirians.com/archive/legion/vbulletin_5.pl.txt

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Select Concat statement Possible SQL Injection Obfuscation

Extended Description

Affected Products

References