Joomcck Extension For Joomla
Monthly
SQL injection in the JoomCCK content-construction-kit extension for Joomla (versions 1.0 through 6.4.0) lets remote attackers read arbitrary database contents by injecting into a front-end controller task that concatenates an unescaped request parameter into two SQL statements. The flaw is reachable over the network without authentication or user interaction, and SSVC rates it automatable with total technical impact; however, there is no public exploit identified at time of analysis and EPSS is low at 0.28% (20th percentile).
SQL injection in the JoomCCK content-construction-kit extension for Joomla (versions 1.0 through 6.4.0) lets remote attackers read arbitrary database contents by injecting into a front-end controller task that concatenates an unescaped request parameter into two SQL statements. The flaw is reachable over the network without authentication or user interaction, and SSVC rates it automatable with total technical impact; however, there is no public exploit identified at time of analysis and EPSS is low at 0.28% (20th percentile).