CVE-2018-25197
Description
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com_playjoom&view=genre&catid=[SQL] to extract sensitive database information including usernames, databases, and version details.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
PlayJoom 0.10.1 suffers from an unauthenticated SQL injection via the catid parameter, allowing attackers to extract sensitive database information.
Vulnerability Overview
PlayJoom 0.10.1 contains an SQL injection vulnerability in the catid parameter of the genre view. Unauthenticated attackers can inject arbitrary SQL by sending a GET request to index.php?option=com_playjoom&view=genre&catid=[SQL]. The vulnerability stems from insufficient sanitization of user input before it is used in database queries.
Exploitation Details
Exploitation requires no authentication; an attacker only needs network access to the PlayJoom instance. The malicious SQL payload is URL-encoded and sent via the catid parameter. The provided proof-of-concept (PoC) demonstrates extraction of database user, database name, and version information using a crafted payload [1][2].
Impact
Successful exploitation allows an attacker to execute arbitrary SQL queries, leading to extraction of sensitive data such as usernames, database names, and version details. This could compromise the confidentiality of the underlying database and potentially lead to further attacks.
Mitigation
At the time of disclosure (November 2018), no patch was available. The vendor site (playjoom.telgo.info) is no longer accessible, suggesting the project may be abandoned. Users are advised to disable or remove PlayJoom until a fix is applied [1][2].
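Because catid is a numeric category identifier, any request to the com_playjoom genre view whose catid is not a plain integer is worth alerting on while the component remains installed. The following detection script is an added example, not part of this CVE record or of PlayJoom itself; it runs over constructed Apache combined-format access-log lines, and the IPs, timestamps and log layout are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2018:10:01:02 +0000] "GET /index.php?option=com_playjoom&view=genre&catid=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Nov/2018:10:01:05 +0000] "GET /index.php?option=com_playjoom&view=genre&catid=3%27 HTTP/1.1" 500 312 "-" "curl/7.61.0"
203.0.113.9 - - [12/Nov/2018:10:01:09 +0000] "GET /index.php?option=com_playjoom&view=genre&catid=-1 HTTP/1.1" 200 4100 "-" "curl/7.61.0"
198.51.100.4 - - [12/Nov/2018:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=7%27 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.5 - - [12/Nov/2018:10:02:30 +0000] "GET /index.php?option=com_playjoom&view=genre HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Assumed combined-log layout: client, identd, user, [timestamp], "request line", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A legitimate category id is a short run of digits and nothing else.
PLAIN_ID = re.compile(r"\d{1,10}")


def suspicious_catid_requests(log_text):
    """Return requests to the com_playjoom genre view whose catid is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected log format
        query = urlsplit(m.group("target")).query
        params = parse_qs(query, keep_blank_values=True)  # percent-decodes the values
        # Only the vulnerable component and view are in scope for this rule.
        if params.get("option") != ["com_playjoom"] or "genre" not in params.get("view", []):
            continue
        for value in params.get("catid", []):
            if PLAIN_ID.fullmatch(value):
                continue
            hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                         "status": m.group("status"), "catid": value})
    return hits


if __name__ == "__main__":
    for hit in suspicious_catid_requests(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} status={hit['status']} catid={hit['catid']!r}")
```

The same "digits only" rule, applied server-side by casting catid to an integer before it reaches the query, is the generic fix for this class of bug when no vendor patch exists.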
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (2)
News mentions (0)
No linked articles in our index yet.