The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cwjoomla | cw_article_attachments_pro | * |
| cwjoomla | cw_article_attachments_free | * |
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cwjoomla | cw_tags | 2.0.6 |