CVE-2017-20269

Description

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive information.

References

• http://terrywcarter.com/
• https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/kissgallery/
• https://www.exploit-db.com/exploits/42494
• https://www.vulncheck.com/advisories/joomla-component-kissgallery-sql-injection