Title: SQL Injection in JEvents Joomla Component
CVE ID: CVE-2015-7340
CVSSv3 Base Score: 6.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
Products: JEvents (3.4.0RC5)
Advisory Release Date: 28 October 2015
Advisory URL: https://labs.integrity.pt/advisories/cve-2015-7340
Credits: Discovery by Fábio Pires <fp[at]integrity.pt>, Filipe Reis <fr[at]integrity.pt>, Vitor Oliveira <vo[at]integrity.pt>
JEvents component is vulnerable to SQL Injection on new events, inside the backoffice.
To replicate the issue go to:
With this we get the following response (as you can see on the response we broke the SQL query):
This corresponds on the code to: /joomla/administration/com_jevents/controllers/icalevent.php
Now we inject with our SQL query into the parameter evid:
And we get the response with the proof.