Joomla! Component J-BusinessDirectory 4.9.7 - Exploit-DB

SQL Injection (SQLi) via the 'type' parameter.
Author: Ihsan Sencan.
Disclosure Date: January 23, 2019.
Platform: PHP-based web applications.
Joomla! Component J-BusinessDirectory version 4.9.7.

Analysis of the Exploit (46230.rar Content)

- The ability to modify, corrupt, or delete data within the system.
- Complete extraction of the Joomla! database, including user credentials, configuration data, and business directory listings.

Remediation & Mitigation

To protect against this vulnerability, administrators should take the following steps:

- Configure the database user account used by the Joomla! application with least-privilege access to limit the damage a compromised account can do.
- Ensure the application validates and sanitizes all user-supplied inputs before they are used in SQL queries.