Joomla! Component J-BusinessDirectory 4.9.7 - Exploit-DB 46230.rar

SQL Injection (SQLi) via the 'type' parameter.
Author: Ihsan Sencan.
Disclosure Date: January 23, 2019.
Platform: PHP-based web applications.

Analysis of the Exploit (46230.rar Content)

Joomla! Component J-BusinessDirectory version 4.9.7.
Complete extraction of the Joomla! database, including user credentials, configuration data, and business directory listings.

To protect against this vulnerability, administrators should take the following steps:
Implement parameterized queries (prepared statements) to prevent the database from interpreting user input as executable code.
Upgrade J-BusinessDirectory to the latest version. This vulnerability specifically impacts version 4.9.7 and was addressed in subsequent security patches.
Configure the database user account used by the Joomla! application with least-privilege access to limit the damage a compromised account can do.
Ensure the application validates and sanitizes all user-supplied inputs before they are used in SQL queries.