Vigil@nce - Joomla File Download Tracker: SQL injection

May 2018 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker can exploit a SQL injection in Joomla File Download Tracker to read or alter data.

Impacted products: Joomla Extensions (not comprehensive).

Severity: 2/4.

Creation date: 08/03/2018.

DESCRIPTION OF THE VULNERABILITY

The Joomla File Download Tracker product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla File Download Tracker to read or alter data.

