MidnightBSD

Advisories for smart_related_articles_project

CVE-2017-7626 MEDIUM

The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
smart_related_articles_project smart_related_articles 1.1
CVE-2017-7627 MEDIUM

The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
smart_related_articles_project smart_related_articles 1.1
CVE-2017-7628 HIGH

The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
smart_related_articles_project smart_related_articles 1.1