Application: LightOpenCMS
Affected Version: version 0.1 and other versions
Vendor’s URL: LightOpenCMS
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Set “register_globals” to “Off”.
Application: Joomla!
Affected Version: versions prior to 2.3.
Vendor’s URL: Ozio Gallery
Bug Type: File Manipulation
Risk Level: Critical
Solution:
Update to version 2.3.
http://www.joomla.it/download/oziogallery.html
Application: Joomla
Affected Version: version 1.6 and other versions.
Vendor’s URL: JBDiary Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Joomla
Affected Version: version 2.1
Vendor’s URL: Document Seller for Docman Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Joomla
Affected Version:
Vendor’s URL: jEmbed-Embed Anything Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Application: Joomla
Affected Version: versions prior to 1.1
Vendor’s URL: TPJobs Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.1.
Application: Xoops
Affected Version: version 2.4.2 and prior versions.
Vendor’s URL: Xoops
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium
Solution:
Update to version 2.4.3.
Application: Joomla
Affected Version: version 1.5
Vendor’s URL: iF Portfolio Nexus Component
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Application: Joomla!
Affected Version:
Vendor’s URL: BeeHeard Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Filter malicious characters and character sequences using a proxy.