Application: Joomla!
Affected Version: version 2.0.13 and other versions.
Vendor’s URL: AlphaRegistration Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 1.5.16 and other versions.
Vendor’s URL: Simple Page Options Module
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly verified.
Content Management, File Inclusion
Application: WordPress
Affected Version: version 3.8.4 and prior versions.
Vendor’s URL: WP e-Commerce Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 3.8.5.
Content Management, SQL Injection
Application: vBulletin
Affected Version: 4.1.4pl2 and prior versions.
Vendor’s URL: vBulletin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to a fixed version.
Discussion Boards, SQL Injection
Application: WordPress
Affected Version: version 4.0.7 and other versions.
Vendor’s URL: bSuite Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting
Application: Joomla!
Affected Version: versions prior to 1.2.7.
Vendor’s URL: AvReloaded Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.2.7.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 2.9.3.2 and prior versions.
Vendor’s URL: Sobi2 Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 2.9.4.
Content Management, SQL Injection
Application: Joomla!
Affected Version: versions prior to 2.1.
Vendor’s URL: Fabrik Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 2.1.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 1.2.11.
Vendor’s URL: Xmap Component
Bug Type: SQL Injection
Risk Level: SQL Injection
Solution:
Update to version 1.2.12.
Content Management, SQL Injection
Application: Drupal
Affected Version: versions 7.0, 7.1, and 7.2.
Vendor’s URL: Drupal
Bug Type: Security Bypass
Risk Level: Security Bypass
Solution:
Update to a fixed version.
Access Bypass, Content Management
Application: Joomla!
Affected Version: version 1.3 for Joomla! 1.5 and confirmed in version 1.2 for Joomla! 1.6.
Vendor’s URL: Newsletter Subscriber Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 1.3 for Joomla! 1.5 (released June 28th, 2011) or version 1.2 for Joomla! 1.6 (released June 29th, 2011).
Content Management, Cross Site Scripting
Application: WordPress
Affected Version: versions 3.1.3 and prior.
Vendor’s URL: WordPress
Bug Type: Unauthorized Access and SQL Injection
Risk Level: Critical
Solution:
Update to version 3.1.4.
Access Bypass, Content Management, SQL Injection