Application: WordPress
Affected Version: version 0.4.1 and other versions
Vendor’s URL: cdnvote Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 2.9.23 and prior versions
Vendor’s URL: Comment Rating Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 2.9.24.
Content Management, SQL Injection
Application: Joomla!
Affected Version: versions prior to 1.5.7.7
Vendor’s URL: JCE Component
Bug Type: File Upload
Risk Level: Critical
Solution:
Update to version 1.5.7.7.
Content Management, File Inclusion
Application: Joomla!
Affected Version: versions prior to 1.0.1
Vendor’s URL: People Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.0.1.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 1.6.2 and other versions
Vendor’s URL: Kunena Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.6.3.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 1.6.1 and other versions
Vendor’s URL: WP Forum Server Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: WordPress Enable Media Replace Plugin
Affected Version: version 2.3 and other versions
Vendor’s URL: Enable Media Replace Plugin
Bug Type: SQL Injection and System Bypass
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised. Grant the “Author” role to trusted users only.
Access Bypass, Content Management, SQL Injection
Application: Drupal
Affected Version: versions prior to 6.x-2.8
Vendor’s URL: Droptor Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 6.x-2.8 or later.
Content Management, SQL Injection
Application: Serendipity
Affected Version: bundled version of Xinha
Vendor’s URL: Serendipity Xinha
Bug Type: Cross-Site Scripting and File Upload
Risk Level: Critical
Solution:
Update to version 1.5.5.
Original Advisory
http://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html
Content Management, Cross Site Scripting, File Inclusion
Application: VirtueMart
Affected Version: version 1.1.6 and other versions
Vendor’s URL: VirtueMart
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Apply patch.
E-Commerce, SQL Injection
Application: Simple Web Content Management System
Affected Version: version downloaded on 2011-02-01 and other versions
Vendor’s URL: Simple Web Content Management System
Bug Type: Security Bypass and SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised. Restrict access to admin/item_delete.php (e.g. via .htaccess).
Access Bypass, Content Management, SQL Injection
Application: Joomla!
Affected Version: version 3.4.1
Vendor’s URL: Frontend-User-Access
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Update to version 3.4.2.
Content Management, File Inclusion