Application: LightOpenCMS
Affected Version: version 0.1 and other versions
Vendor’s URL: LightOpenCMS
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.
Set “register_globals” to “Off”.

Content Management, File Inclusion

Application: Joomla!
Affected Version: versions prior to 2.3.
Vendor’s URL: Ozio Gallery
Bug Type: File Manipulation
Risk Level: Critical

Solution:
Update to version 2.3.
http://www.joomla.it/download/oziogallery.html

Content Management

Application: Joomla
Affected Version: version 1.6 and other versions.
Vendor’s URL: JBDiary Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla
Affected Version: version 2.1
Vendor’s URL: Document Seller for Docman Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla
Affected Version:
Vendor’s URL: jEmbed-Embed Anything Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla
Affected Version: versions prior to 1.1
Vendor’s URL: TPJobs Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, SQL Injection

Application: Xoops
Affected Version: version 2.4.2 and prior versions.
Vendor’s URL: Xoops
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium

Solution:
Update to version 2.4.3.

Content Management, Cross Site Scripting, SQL Injection

Application: Joomla
Affected Version: version 1.5
Vendor’s URL: iF Portfolio Nexus Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

Application: Joomla!
Affected Version:
Vendor’s URL: BeeHeard Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

Content Management, SQL Injection

Application: WordPress
Affected Version:
Vendor’s URL: Woopra Analytics Plugin
Bug Type: System Access
Risk Level: Critical

Solution:
Update to version 1.4.3.2.

Remove ofc_upload_image.php file from the Open Flash Chart directory.

Access Bypass, Content Management

Application: Joomla
Affected Version: version 1.0.0.1 and other versions.
Vendor’s URL: JEEMA Article Collection Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla
Affected Version: version 1.0.0 and other versions.
Vendor’s URL: JoomPortfolio Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: WP-Forum
Affected Version: versions 2.3 and 2.4 and other versions.
Vendor’s URL: WP-Forum
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

Application: Invision Power Board
Affected Version: version 2.3.6 and other versions.
Vendor’s URL: Invision Power Board
Bug Type: Script Insertion and SQL Injection
Risk Level: Medium

Solution:
Upgrade to version 3.0.5 or later.

Discussion Boards, SQL Injection

Application: Joomla
Affected Version: version 1.0
Vendor’s URL: JPhoto Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1 or later.

Content Management, SQL Injection

Application: Zen Cart
Affected Version: version 1.3.8a (full fileset 12112007) and other versions
Vendor’s URL: Zen Cart
Bug Type: File Inclusion
Risk Level: Critical

Solution:
The vendor recommends to delete the “extras” folder from the webroot.

E-Commerce, File Inclusion

Application: Wordpress
Affected Version: version 3.2.4 and other versions
Vendor’s URL: Google Analytics Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 3.2.5.

Content Management, Cross Site Scripting

Application: Joomla
Affected Version: version 1.0 and others
Vendor’s URL: Joaktree Component
Bug Type: SQL Injection
Risk Level: High

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla
Affected Version: version 1.0.4 and other versions
Vendor’s URL: LyftenBloggie Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla
Affected Version: version 2.1.4 and other versions
Vendor’s URL: GCalendar Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection