Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-4960. PoCs published by Pham Van Khanh.
AI-analyzed exploit summary The exploit describes a SQL injection vulnerability in the Joomla component com_youtubegallery, where the 'listid' and 'themeid' parameters are not properly sanitized. The vulnerability allows an attacker to inject malicious SQL queries via the URL parameters.
Description
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.
Exploits (1)
The exploit describes a SQL injection vulnerability in the Joomla component com_youtubegallery, where the 'listid' and 'themeid' parameters are not properly sanitized. The vulnerability allows an attacker to inject malicious SQL queries via the URL parameters.