This Metasploit module can run commands on the system using Jenkins users who has JOB creation and BUILD privileges. The vulnerability is exploited by a small script prepared in NodeJS….
>> AUTHOR: deepcore
Joomla ABook Alexandria Book Library version 3.1.4 suffers from a remote SQL injection vulnerability.
Joomla Agora version 4.10 suffers from bypass and remote SQL injection vulnerabilities.
Joomla BookLibrary version 4.0.31 suffers from database disclosure and remote SQL injection vulnerabilities.
Joomla JoomGallery version 3.2.2 and PonyGallery version 2.5.1 suffers from database disclosure and remote SQL injection vulnerabilities.
Joomla ExtCalendar version 2.0 suffers from a remote SQL injection vulnerability.
Joomla Mosets Hot Property version 1.0.0 suffers from a remote SQL injection vulnerability.
Joomla PhocaGuestBook version 3.0.8 suffers from database disclosure and remote SQL injection vulnerabilities.
Joomla SermonSpeaker version 5.9.0 suffers from database disclosure and remote SQL injection vulnerabilities.
Joomla WordPress Blog plugin version 4.8.0 suffers from a remote SQL injection vulnerability.