Joomla! Extension 'JCK Suite' - 'jckeditor' =< 6.4.4 Privilege Escalation
High Nessus Plugin ID 121255
SynopsisThe remote Joomla! application has a plugin installed that is vulnerable
to a sql injection attack.
DescriptionThe Joomla! application running on the remote host has a version of
'JCK Suite' - 'jckeditor' extension that is prior or equal to 6.4.4.
As such, the host is affected by a SQL injection (SQLi) vulnerability
exists due to improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit this to inject or
manipulate SQL queries in the back-end database, resulting in the
disclosure or manipulation of arbitrary data.
SolutionUpdate the 'JCK Suite' - 'jckeditor' extension through the