CVE-2020-19447 SQL Injection on Joomla’s jDownloads Component
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.
A SQL injection vulnerability exists in jDownloads 3.2.63 for Joomla!, in com_jdownloads/models/send.php, via the f_marked_files_id parameter. The affected code within com_jdownloads/models/send.php is not identified. Manipulating the f_marked_files_id argument as part of a parameter leads to SQL injection. An attacker might be able to inject and/or alter existing SQL statements, which would influence the database exchange.
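The defensive handling this class of bug calls for, as an added example that is not taken from jDownloads or from the Virsec report: the parameter is checked against a strict allow-list and then bound through placeholders, so request data never becomes SQL text. It assumes f_marked_files_id carries a comma-separated list of numeric file IDs; the `files` table, the function names and the SQLite backing are hypothetical stand-ins.

```python
import re
import sqlite3

# Assumption: the parameter is meant to carry a comma-separated list of
# numeric file IDs, so nothing else is ever legitimate. Length and count
# are capped to keep the generated IN (...) list small.
_ID_LIST = re.compile(r"[0-9]{1,10}(?:,[0-9]{1,10}){0,99}")


def parse_marked_ids(raw):
    """Return the IDs as ints, or raise ValueError on anything unexpected."""
    if not isinstance(raw, str) or not _ID_LIST.fullmatch(raw.strip()):
        raise ValueError("f_marked_files_id is not a list of numeric IDs")
    return [int(part) for part in raw.strip().split(",")]


def fetch_marked_files(conn, raw):
    """Look up the marked files using one bound placeholder per ID."""
    ids = parse_marked_ids(raw)
    # The SQL text contains only "?" characters, never request data.
    placeholders = ",".join("?" for _ in ids)
    sql = f"SELECT id, title FROM files WHERE id IN ({placeholders}) ORDER BY id"
    return conn.execute(sql, ids).fetchall()


def demo_db():
    """Constructed sample data standing in for a downloads table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO files VALUES (?, ?)",
                     [(1, "manual.pdf"), (2, "setup.zip"), (3, "notes.txt")])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(fetch_marked_files(db, "1,3"))
    # Constructed inputs that must be rejected before any query is built.
    for bad in ("1) OR 1=1 -- ", "1,,2", ""):
        try:
            fetch_marked_files(db, bad)
        except ValueError as exc:
            print("rejected:", repr(bad), exc)
```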
The CVSS Base Score is 7.5 (High)
Affected version: Joomla’s jDownloads version 3.2.63.
No active exploits are available for this vulnerability at this time.
Joomla is a very popular website development and content management system written in PHP. According to w3techs, it is used to host over 2 million websites. Over 8,000 free and commercial extensions are available from the official Joomla Extensions Directory. As of 2019, it was estimated to be the fourth most used content management system on the Internet, after WordPress and Drupal.
Virsec Security Platform (VSP) Support
VSP-Web can detect attempts to exploit this kind of SQL injection.