CVE-2018-25067
low-risk
Published 2023-01-06
A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to SQL injection. Upgrading to version 3.3.4 addresses this issue. The identifier of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability.
Do I need to act?
0.39% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.5/10 · Medium
ADJACENT_NETWORK / LOW complexity
Affected Products (1)
Joomgallery
Affected Vendors
References (10)
Issue Tracking
https://github.com/JoomGallery/JoomGallery/pull/122
Permissions Required
https://vuldb.com/?ctiid.217569
Permissions Required
https://vuldb.com/?id.217569
24 / 100 · low-risk
Severity
18/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal