Home > Content Management, SQL Injection > Joomla CKForms Component Multiple Vulnerabilities

Joomla CKForms Component Multiple Vulnerabilities

July 29th, 2010

Application: Joomla
Affected Version: version 1.3.4 and other versions
Vendor’s URL: CKForms Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Change the “Uploaded files path” setting to a directory outside of the web root.

Content Management, SQL Injection

Comments are closed.