Joomla Jtag Members Directory 5.3.7 SQL Injection Vulnerability

Joomla Jtag Members Directory component version 5.3.7 suffers from a remote SQL injection vulnerability.

################################################
#Title: Joomla Jtag Members Directory 5.3.7 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: https://joomlatag.com
#URL:
https://extensions.joomla.org/extensions/extension/clients-a-communities/members-lists/jtag-members-directory/
#Product: 'Joomla Jtag Members Directory 5.3.7'
#Developer: JoomlaTag
#Last updated: Jun 19 2017
#Compatibility: 3.X
#Type: Paid download
################################################
#
#  Description:
# JTag Member Directory extension helps in the management of user profiles
with the ability to publish member information in a simple searchable
directory.
# This extension is great for Non-profits, clubs, local chapters or Board
member websites.
#
# GET -p [customtext]
#        [name]
#        [country]
#        [state]
#        [city]
#        [phone_no]
#
#
http://demos.joomlatag.com/jtag-membersdirectory/index.php?option=com_jtagmembersdirectory&format=raw&customtext=&name=dean
"&country=&state=&city=&phone_no=
#
# PoC:
#  https://prnt.sc/hu107i
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)

Leave a Reply