Application: Joomla Alberghi Component
Affected Version: 2.1.3 SR and other versions.
Vendor’s URL: Joomla Alberghi Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: Joomla Joovideo Component
Affected Version: 1.2.2 PRO and other versions.
Vendor’s URL: Joomla Joovideo Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: Gallarific
Affected Version: Gallarific Free Edition 1.1 and other versions.
Vendor’s URL: http://www.gallarific.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical
Solution:
Use another product, or disable it until the patch is released.
Access Bypass, Cross Site Scripting, Image Galleries
Application: Joomla Restaurante Component
Affected Version: 1.0 and other versions.
Vendor’s URL: Joomla Restaurante Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: PHPauction GPL
Affected Version: 2.51 and other versions.
Vendor’s URL: PHPauction GPL
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Applications, File Inclusion
Application: Joomla Acajoom PRO Component
Affected Version: 1.2.5 and 1.1.5 and other versions.
Vendor’s URL: Joomla Acajoom PRO Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: phpBP
Affected Version: 2 RC3 (2.204) FIX4 and other versions.
Vendor’s URL: phpBP
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Apply fix: phpBP 2 RC3 2.204 FIX5.
Discussion Boards, SQL Injection
Application: fuzzylime
Affected Version: 3.01 and other versions.
Vendor’s URL: fuzzylime
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, File Inclusion
Application: XOOPS Tutorials Module
Affected Version: 2.1b and other versions.
Vendor’s URL: XOOPS Tutorials Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: Fully Modded phpBB
Affected Version: 80220 and other versions.
Vendor’s URL: Fully Modded phpBB
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Discussion Boards, SQL Injection
Application: EasyCalendar
Affected Version: 4.0tr and other versions.
Vendor’s URL: EasyCalendar
Bug Type: SQL Injection and Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Applications, Cross Site Scripting, SQL Injection
Application: PHP-Nuke Hadith Module
Affected Version:
Vendor’s URL: PHP-Nuke Hadith Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: Joomla! eWriting Component
Affected Version: 1.2.1 and other versions.
Vendor’s URL: Joomla! eWriting Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: PHP-Nuke Kütüb-i Sitte Module
Affected Version: 1.1 and other versions.
Vendor’s URL: PHP-Nuke Kütüb-i Sitte Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: XOOPS Prayer List Module
Affected Version: 1.04 and other versions.
Vendor’s URL: XOOPS Prayer List Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: XOOPS Tiny Event Module
Affected Version: 1.01.
Vendor’s URL: XOOPS Tiny Event Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: Tikiwiki
Affected Version: prior to 1.9.10.1.
Vendor’s URL: http://tikiwiki.org/
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.9.10.1.
Content Management, Cross Site Scripting
Application: Joomla! Gary’s Cookbook Component
Affected Version: 2.4.0 and other versions.
Vendor’s URL: Joomla! Gary’s Cookbook Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection
Application: Joomla!
Affected Version: Joomla! 1.0.x, versions 1.0.14, 1.0.13 and prior.
Vendor’s URL: http://www.joomla.org/
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 1.0.15.
Content Management, File Inclusion
Application: Xoops XM-Memberstats Module
Affected Version: 2.0e and other versions.
Vendor’s URL: http://www.xoopsmalaysia.org
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitized.
Content Management, SQL Injection