cve/2018/CVE-2018-17254.md

CVE-2018-17254

Description

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.

POC

Reference

• http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html
• http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html
• https://www.exploit-db.com/exploits/45423/
• https://www.exploit-db.com/exploits/45423/

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/MataKucing-OFC/CVE-2018-17254
• https://github.com/Nickguitar/Joomla-JCK-Editor-6.4.4-SQL-Injection