The JNews component was found to be vulnerable to SQL Injection affecting multiple pages.
- The AcyMailing component was vulnerable to SQL Injection on the export controller. This was another issue discovered by me, Filipe and Vitor while we were looking for low-hanging fruits in the TOP Joomla plugins.
- JEvents component was vulnerable to SQL Injection on new events functionality. This vulnerability was located inside the backoffice.
- This vulnerability was found in the JNews plugin and showed how we bypassed the file extension validation and how we discovered two diferent unrestricted file upload forms.
- This post was the result of a code-review made to the Joomla Content Editor plugin. It was possible to bypass the file upload validation in order to submit a webshell.