Application: WordPress
Affected Version: versions prior to 3.0.4
Vendor’s URL: WordPress KSES Library
Bug Type: Cross SIte Scripting
Risk Level: Medium

Solution:
Update to version 3.0.4.

Content Management, Cross Site Scripting

Application: CubeCart
Affected Version: version 4.4.3 and other versions
Vendor’s URL: CubeCart
Bug Type: Cross-Site Request Forgery
Risk Level: Critical

Solution:
Do not browse untrusted websites while being logged in to the application.

Cross Site Scripting, E-Commerce

Application: WordPress
Affected Version: version 0.1 and other versions
Vendor’s URL: Accept Signups Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting

Application: Joomla!
Affected Version: version 1.1 and other versions.
Vendor’s URL: JE Auto Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.2.

Content Management, File Inclusion

Application: MH Products Easy Online Shop
Affected Version:
Vendor’s URL: MH Products Easy Online Shop
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters or character sequences via a proxy.

E-Commerce, SQL Injection

Application: Joomla!
Affected Version: version 1.5.0 and other versions.
Vendor’s URL: -
Bug Type: File Inclusion and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.5.1.

Content Management, File Inclusion, SQL Injection

Application: Joomla
Affected Version: versions prior to 1.1.
Vendor’s URL: JE Auto Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, SQL Injection

Application: Joomla!
Affected Version: version 1.1 and other versions
Vendor’s URL: Billy Portfolio Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla
Affected Version: version 1.0 and other versions.
Vendor’s URL: JE Messenger Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the “Compose Mail” page to trusted users only.

Content Management, File Inclusion

Application: Exponent CMS
Affected Version: version 2.0.0pr2 or other versions.
Vendor’s URL: Exponent CMS
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

Application: Ecommercemax Solutions Digital-goods seller (DGS)
Affected Version:
Vendor’s URL: Ecommercemax Solutions Digital-goods seller (DGS)
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

E-Commerce, SQL Injection

Application: Pulse CMS
Affected Version: version 1.2.8 and prior to this version
Vendor’s URL: Pulse CMS
Bug Type: Local File Inclusion
Risk Level: Critical

Solution:
Update to version 1.2.9.

Content Management, File Inclusion

Application: Joomla!
Affected Version: versions prior to 2.1.8.777
Vendor’s URL: sh404SEF Component
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to 2.1.8.777 or later.

Content Management, Cross Site Scripting, SQL Injection

Application: WordPress
Affected Version: versions prior to 3.0.2
Vendor’s URL: WordPress
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.0.2.

Content Management, SQL Injection

Application: Enano CMS
Affected Version: version 1.0.6pl2
Vendor’s URL: Enano CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.6pl3.

Content Management, SQL Injection