Joomla Jtag Minicart 4.1.0 SQL Injection Vulnerability

Joomla Jtag Minicart component version 4.1.0 suffers from a remote SQL injection vulnerability.

################################################
#Title: Joomla Jtag Minicart 4.1.0 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: https://joomlatag.com
#URL:
https://extensions.joomla.org/extensions/extension/e-commerce/shopping-cart/jtag-minicart/
#Product: 'Joomla Jtag Minicart 4.1.0'
#Developer: JoomlaTag
#Last updated: Jun 06 2016
#Compatibility: 3.X
#Type: Paid download
################################################
#
#  Description:
#   tag Minicart is a simple but versatile shopping cart extension for
Joomla.
Jtag Minicart allows you to showcase your products, add product categories,
product images, descriptions and more as well as allowing users to purchase
these items, with support for shipping and tax calculation.
#
# POST -p [product]
#
# http://127.0.0.1/jtag-minicart/index.php?option=com_jtagminicart
#
# product=9[SQL]&date=2017-12-29+13%3A35%3A46
#
# PoC:
#  https://prnt.sc/hu0wzv
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

Leave a Reply