CVE-2022-35156: The Bus Pass Management System 1.0 had a SQL injection vulnerability via the searchdata parameter.

A user with access to this parameter could exploit this vulnerability to obtain sensitive information about the system, such as the name of a person who is authorized to use the system, or the value of the nextbus parameter that determines if the system is open or not.

CVE-2018-3961 was discovered in the Joomla! Content Management System 1.5.x, 1.6.x, 1.7.x, and 1.8.x when using the Search feature through SQL injection. A specially-crafted search query could provide an attacker with full access to the database, allowing for the modification of data or the creation of new entries.

CVE-2018-3952 was discovered in the Joomla! Content Management System 1.5.x, 1.6.x, 1.7.x, and 1.8.x when using the Search feature through SQL injection. A specially-crafted search query could provide an attacker with full access to the database, allowing for the modification of data or the creation of new entries.

CVE-2018-3945 was discovered in the Joomla! Content Management System 1.5.x, 1.6.x, 1.7.x, and 1.8.x when using the Search feature through SQL injection. A specially-crafted search query could provide an attacker with full access to the database, allowing for the modification of data or the creation of new entries.

Joomla! is a community software project that provides content management systems (CMS) for designing, developing, and publishing websites. Joomla! is used by over 45 million websites worldwide.

The following are some of the vulnerabilities that have been discovered in Joomla! CMS versions 1.5.x, 1.6.x, 1.7.x, and 1.8.x:
- CVE-2018-3961: SQL injection vulnerability in Search feature
- CVE-2018-3952: SQL injection vulnerability in Search feature
- CVE-2018-3945: SQL injection vulnerability in Search feature

The following are some of the vulnerabilities that have been discovered in Joomla! CMS versions 1.5, 1.6, and 1.7:
- CVE-2016-10268, which indicates a cross-site scripting vulnerability when placing an order through a third-party website or e-commerce platform connected to Joomla! CMS through its web services interface, as well as a potential information disclosure (through the same web services interface).
- CVE-2017-5955 and CVE-2017-5955, which indicate potential CSRF vulnerabilities when using the URL parameter orderid to specify the ID of an order i

SQL Injection

SQL injection is a type of vulnerability that allows an attacker to gain access to unauthorized information stored in a database. The vulnerability occurs when the input used to build SQL queries is not properly verified before the queries are executed.

Vulnerabilities of this kind, which exploit the lack of security in user applications, are often referred to as injection vulnerabilities, of which SQL injection is one. When such vulnerabilities are found, the affected application will typically have a patch available to fix it.
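The difference between an unverified and a verified query for a search parameter such as searchdata, as an added example (not code from the Bus Pass Management System or Joomla!). The table, column names, sample rows and pass-number format are constructed, and an in-memory SQLite database stands in for the real one.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory table standing in for a pass-holder table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE passes (pass_no TEXT, holder TEXT)")
    db.executemany(
        "INSERT INTO passes VALUES (?, ?)",
        [("P-1001", "Alice Example"),
         ("P-1002", "Bob Example"),
         ("P-1003", "Carol Example")],
    )
    return db

def search_concatenated(db, searchdata):
    """Weak form: the parameter becomes part of the SQL text itself,
    so quote characters in it change the structure of the query."""
    sql = ("SELECT pass_no, holder FROM passes "
           "WHERE pass_no = '" + searchdata + "'")
    return db.execute(sql).fetchall()

def search_bound(db, searchdata):
    """Corrected form: the SQL text is fixed and the parameter is bound,
    so it is only ever compared as a value."""
    sql = "SELECT pass_no, holder FROM passes WHERE pass_no = ?"
    return db.execute(sql, (searchdata,)).fetchall()

def looks_like_pass_no(searchdata):
    """Second layer: allow-list check against the (assumed) P-NNNN format."""
    return re.fullmatch(r"P-\d{4}", searchdata) is not None

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: one ordinary lookup, one containing SQL syntax.
    for value in ("P-1002", "x' OR '1'='1"):
        print(repr(value))
        print("  passes format check:", looks_like_pass_no(value))
        print("  concatenated query :", search_concatenated(db, value))
        print("  bound parameter    :", search_bound(db, value))
```

With the concatenated query the second input returns every row in the table; with the bound parameter it matches nothing, and the format check rejects it before any query runs.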

Summary

This vulnerability allows an attacker to access sensitive information about the system, such as the name of a person authorized to use the system, or the value of the nextbus parameter that determines if the system is open or not. The vulnerability was discovered in Joomla! Content Management System 1.5.x, 1.6.x, 1.7.x, and 1.8.x when using the Search feature through SQL injection.

Timeline

Published on: 09/30/2022 19:15:00 UTC
Last modified on: 10/05/2022 15:51:00 UTC
