QwikSec

Security Database

CVE

CWE

Training

CVE-2013-3932

Published: Jan 2, 2020

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php.

Vendor	Product	Versions
Jomres	Jomres component for Joomla!	affected `before 7.3.1`

References

http://www.securityfocus.com/bid/61635

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/86252

x_refsource_MISC

https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.