Vulnerability Report

CVE-2020-19447 SQL Injection on Joomla’s jDownloads Component

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

A SQL injection vulnerability exists in jDownloads 3.2.63 for Joomla! in com_jdownloads/models/send.php via the f_marked_files_id parameter. The issue affects unknown code in the file com_jdownloads/models/send.php. Manipulating the f_marked_files_id argument as part of a parameter leads to SQL injection. An attacker might be able to inject and/or alter existing SQL statements, which would influence the database exchange.
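One way to close this class of injection on the server side, shown as an added example that is not jDownloads code and not part of the original report. It assumes f_marked_files_id carries a comma-separated list of numeric file ids; the table demo_files and both function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not jDownloads code. Assumption: f_marked_files_id is a
// comma-separated list of numeric file ids. Table and function names are hypothetical.

/** Return the ids as integers; throw if the value is anything but digits and commas. */
function parseMarkedFileIds(string $raw, int $maxIds = 100): array
{
    // \A and \z anchor the whole string, so trailing newlines or SQL text cannot slip through.
    if (!preg_match('/\A[0-9]{1,10}(?:,[0-9]{1,10})*\z/', $raw)) {
        throw new InvalidArgumentException('f_marked_files_id is not a list of numeric ids');
    }
    $ids = array_values(array_unique(array_map('intval', explode(',', $raw))));
    if (count($ids) > $maxIds) {
        throw new InvalidArgumentException('too many ids in f_marked_files_id');
    }
    return $ids;
}

/** Fetch the selected rows with one bound placeholder per id; no request value reaches the SQL text. */
function fetchMarkedFiles(PDO $db, string $raw): array
{
    $ids = parseMarkedFileIds($raw);
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, title FROM demo_files WHERE id IN ($placeholders) ORDER BY id");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_files (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO demo_files VALUES (1,'a.zip'),(2,'b.zip'),(3,'c.zip')");

// Constructed inputs: two well-formed lists, one malformed value, one empty value.
foreach (['1,3', '2', '1 OR 1=1', ''] as $input) {
    try {
        $titles = array_column(fetchMarkedFiles($db, $input), 'title');
        echo json_encode($input), ' => ', json_encode($titles), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($input), ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the placeholder string, built from the count of validated ids, is interpolated into the query; the ids themselves are always bound.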


CVSS Score

The CVSS Base Score is 7.5 (High)

Affected Version

Joomla’s jDownloads version 3.2.63. 

Vulnerability Attribution

Anonymous 

Risk Impact

No active exploits are available for this vulnerability at this time. Joomla is a very popular website development and content management server that is written in PHP. According to w3techs, it is used to host over 2 million websites. Over 8,000 free and commercial extensions are available from the official Joomla Extensions Directory. As of 2019, it was estimated to be the fourth most used content management system on the Internet, after WordPress and Drupal.

Virsec Security Platform (VSP) Support

VSP-Web can detect attempts to exploit this type of SQL injection.

Reference Links

Download the full vulnerability report to learn more about this and other important vulnerabilities.