CVE-2018-17254 PoC — Joomla! JCK Editor组件SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-17254.yaml

Associated Vulnerability

Title:Joomla! JCK Editor组件SQL注入漏洞 (CVE-2018-17254)
Description:Joomla!是美国Open Source Matters团队开发的一套开源的内容管理系统(CMS)，该系统提供RSS馈送、网站搜索等功能。JCK Editor是其中的一个编辑器组件。 Joomla! JCK Editor组件6.4.4版本中存在SQL注入漏洞。远程攻击者可通过向jtreelink/dialogs/links.php页面发送‘parent’参数利用该漏洞执行SQL命令。

Description

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.

File Snapshot


 id: CVE-2018-17254

info:
  name: Joomla! JCK Editor SQL Injection
  author: Suman_Kar
  severity: c

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!