Vulnerability Details CVE-2019-9184
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.366
EPSS Ranking 97.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://andreiconache.me/j2store-plugin-3-3-6-sql-injection/
- https://www.exploit-db.com/exploits/46467/
- https://www.j2store.org/blog/general/security-update-for-j2store.html
- https://andreiconache.me/j2store-plugin-3-3-6-sql-injection/
- https://www.exploit-db.com/exploits/46467/
- https://www.j2store.org/blog/general/security-update-for-j2store.html
Products affected by CVE-2019-9184
-
cpe:2.3:a:j2store:j2store:3.3.0
-
cpe:2.3:a:j2store:j2store:3.3.1
-
cpe:2.3:a:j2store:j2store:3.3.2
-
cpe:2.3:a:j2store:j2store:3.3.3
-
cpe:2.3:a:j2store:j2store:3.3.4
-
cpe:2.3:a:j2store:j2store:3.3.5
-
cpe:2.3:a:j2store:j2store:3.3.6