Vulnerability Details : CVE-2014-4960
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.
Vulnerability category: SQL Injection
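The description above names the root cause: request parameters (listid, themeid) that are meant to be numeric identifiers reach the SQL layer without being typed or quoted. The snippet below is an added illustration, not code from com_youtubegallery or from JoomlaBoat, and does not reproduce the component's real query. It places the vulnerable pattern next to the standard Joomla fix. The table and column names (#__youtubegallery_lists, #__youtubegallery_themes, id) and the class name are assumptions made for the example.

```php
<?php
// Added example for CVE-2014-4960 (illustrative; not the component's code).
// Table and column names below are assumed, not taken from the advisory.
defined('_JEXEC') or die;

class GalleryModelExample
{
    // VULNERABLE pattern: the raw request value is pasted into the SQL text.
    // "1 UNION SELECT ..." or "1 OR 1=1" arrives unchanged at the database.
    public function getListVulnerable()
    {
        $db     = JFactory::getDbo();
        $listid = JRequest::getVar('listid');          // untrusted string
        $db->setQuery('SELECT * FROM #__youtubegallery_lists WHERE id=' . $listid);
        return $db->loadObject();
    }

    // HARDENED: coerce identifiers to int at the input boundary, build the
    // query with the Joomla query builder, and let the driver quote names.
    public function getListHardened()
    {
        $input   = JFactory::getApplication()->input;
        $db      = JFactory::getDbo();
        $listid  = $input->getInt('listid', 0);       // "1 UNION SELECT" -> 1
        $themeid = $input->getInt('themeid', 0);      // same rule for themeid
        if ($listid <= 0 || $themeid <= 0) {
            return null;                               // reject, do not guess
        }
        $query = $db->getQuery(true)
            ->select('*')
            ->from($db->quoteName('#__youtubegallery_lists'))
            ->where($db->quoteName('id') . ' = ' . (int) $listid)
            ->where($db->quoteName('themeid') . ' = ' . (int) $themeid);
        $db->setQuery($query);
        return $db->loadObject();
    }

    // Non-numeric values follow the same rule: never interpolate, always
    // pass them through $db->quote() so the driver escapes them.
    public function getThemeByName($name)
    {
        $db    = JFactory::getDbo();
        $query = $db->getQuery(true)
            ->select('*')
            ->from($db->quoteName('#__youtubegallery_themes'))
            ->where($db->quoteName('name') . ' = ' . $db->quote($name));
        $db->setQuery($query);
        return $db->loadObject();
    }
}
```

The check a reviewer applies to any Joomla model is mechanical: every `setQuery()` argument must be built from literals, `quoteName()`, `quote()` and values already cast to int, with no request value concatenated as a string. `JInput::getInt()` (and the `(int)` cast as a second guard) collapses any injection payload to its leading integer, which is why an identifier parameter cannot carry SQL once it is typed that way.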
Exploit prediction scoring system (EPSS) score for CVE-2014-4960
Probability of exploitation activity in the next 30 days: 0.08%
Percentile (proportion of vulnerabilities scored at or below this one): ~33%
CVSS scores for CVE-2014-4960
Base Score | Base Severity | CVSS Vector (v2) | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST
CWE ids for CVE-2014-4960
- The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2014-4960
- http://www.exploit-db.com/exploits/34087 : Joomla! Component Youtube Gallery 4.1.7 - SQL Injection (PHP webapps exploit)
- http://www.securityfocus.com/bid/68676 : Joomla! YouTube Gallery Component 'gallery.php' SQL Injection Vulnerability
- http://packetstormsecurity.com/files/127497/Joomla-Youtube-Gallery-4.1.7-SQL-Injection.html : Joomla Youtube Gallery 4.1.7 SQL Injection (Packet Storm, exploit)
Products affected by CVE-2014-4960
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.4:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.3:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.2:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.1:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.2:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.0:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.0:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.9:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.8:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.7:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.7:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.5:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.0:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.8:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.1:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.6:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.4:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.6:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.9:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.2:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.5:*:*:*:*:joomla\!:*:*
- cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.3:*:*:*:*:joomla\!:*:*