Ensure the application validates and sanitizes all user-supplied inputs before they are used in SQL queries.
To protect against this vulnerability, administrators should take the following steps:
The ability to modify, corrupt, or delete data within the system. Remediation & Mitigation 46230.rar
Upgrade J-BusinessDirectory to the latest version. This vulnerability specifically impacts version 4.9.7 and was addressed in subsequent security patches.
Joomla! Component J-BusinessDirectory version 4.9.7. This vulnerability specifically impacts version 4
Implement parameterized queries (prepared statements) to prevent the database from interpreting user input as executable code.
SQL Injection (SQLi) via the 'type' parameter. Author: Ihsan Sencan. Disclosure Date: January 23, 2019. Platform: PHP-based web applications. Analysis of the Exploit (46230.rar Content) Disclosure Date: January 23
Configure the database user account used by the Joomla! application with least-privilege access to limit the damage a compromised account can do. Joomla! Component J-BusinessDirectory 4.9.7 - Exploit-DB