Vulnerability Details CVE-2014-4960
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/127497/Joomla-Youtube-Gallery-4.1.7-SQL-Injection.html
- http://www.exploit-db.com/exploits/34087
- http://www.securityfocus.com/bid/68676
- http://packetstormsecurity.com/files/127497/Joomla-Youtube-Gallery-4.1.7-SQL-Injection.html
- http://www.exploit-db.com/exploits/34087
- http://www.securityfocus.com/bid/68676
Products affected by CVE-2014-4960
-
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.0
-
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.2
-
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.3
-
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.4
-
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.5
-
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.6
-
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.7
-
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.8
-
cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.9
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.0
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.1
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.2
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.8
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.9
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.0
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.1
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.2
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.3
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.4
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.5
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.6
-
cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.7