Upgrade J-BusinessDirectory to the latest version. This vulnerability specifically impacts version 4.9.7 and was addressed in subsequent security patches.
The package typically contains the source code or automation scripts required to demonstrate the vulnerability. In this specific case, the SQL injection allows an unauthenticated remote attacker to execute arbitrary SQL commands.
SQL Injection (SQLi) via the 'type' parameter.
Author: Ihsan Sencan.
Disclosure Date: January 23, 2019.
Platform: PHP-based web applications.

Analysis of the Exploit (46230.rar Content)
Potential for an attacker to escalate privileges and become a database or site administrator.
The ability to modify, corrupt, or delete data within the system.

Remediation & Mitigation
Implement parameterized queries (prepared statements) to prevent the database from interpreting user input as executable code.
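The fix described above, as an added example that is not code from the component or from the exploit package: a self-contained PHP/PDO script contrasting a concatenated query with a validated, bound one. The `listings` table, its columns, the function names and the sample input are constructed for illustration; the page does not show the component's actual query.

```php
<?php
// Constructed in-memory schema and rows (assumption: not the component's real tables).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, name TEXT, type INTEGER)');
$db->exec("INSERT INTO listings (name, type) VALUES ('Cafe', 1), ('Garage', 2), ('Archive', 3)");

// Weak pattern: the request value becomes part of the SQL text, so the
// database parses whatever the client sent as SQL syntax.
function listingsByTypeConcatenated(PDO $db, string $type): array
{
    $sql = 'SELECT name FROM listings WHERE type = ' . $type;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: validate the value as an integer, then pass it as a
// typed bound parameter. The SQL text is fixed before any input is seen.
function listingsByTypeBound(PDO $db, string $type): array
{
    $value = filter_var($type, FILTER_VALIDATE_INT);
    if ($value === false) {
        return []; // anything that is not a plain integer is rejected outright
    }
    $stmt = $db->prepare('SELECT name FROM listings WHERE type = :type');
    $stmt->bindValue(':type', $value, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one well-formed, one carrying extra SQL syntax.
$inputs = ['2', '1 OR 1=1'];

foreach ($inputs as $input) {
    printf(
        "input=%s concatenated=%d row(s) bound=%d row(s)\n",
        var_export($input, true),
        count(listingsByTypeConcatenated($db, $input)),
        count(listingsByTypeBound($db, $input))
    );
}
```

A row count from the concatenated function that exceeds the count from the bound function for the same input means the input changed the query's logic rather than being compared as a value.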
Joomla! Component J-BusinessDirectory version 4.9.7.