Application: Joomla!
Affected Version: version 1.0.6 and other versions.
Vendor’s URL: QContacts Component
Bug Type: SQL Injection
Risk Level: Critical
Solution: Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection

Application: WordPress
Affected Version: version 1.0.6.6 and prior versions.
Vendor’s URL: SCORM Cloud For WordPress Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution: Update to version 1.0.7.
Content Management, SQL Injection

Application: WordPress
Affected Version: version 1.0.4 and other versions.
Vendor’s URL: UPM Polls Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution: Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection

Application: Joomla!
Affected Version: version 2.0.17 and prior versions.
Vendor’s URL: JCE Component
Bug Type: File Upload
Risk Level: Critical
Solution: Update to version 2.0.19.
Content Management, File Inclusion

Application: WordPress
Affected Version: versions prior to 1.2.
Vendor’s URL: iCopyright(R) Article Tools Plugin
Bug Type: Unspecified
Risk Level: Critical
Solution: Update to version 1.2 or later.
Content Management

Application: WordPress
Affected Version: version 11.11.26.
Vendor’s URL: WP Symposium Plugin
Bug Type: File Upload
Risk Level: Critical
Solution: Update to version 11.12.24.
Content Management, File Inclusion

Application: vtiger CRM
Affected Version: version 5.2.1.
Vendor’s URL: Database Backup
Bug Type: Authentication Bypass
Risk Level: Critical
Solution: Update to version 5.3.0.
Access Bypass, Content Management

Application: WordPress
Affected Version: version 1.4.1 and prior versions.
Vendor’s URL: Mailing List Plugin
Bug Type: File Download
Risk Level: Critical
Solution: Update to version 1.4.2.
Content Management, Information Disclosure

Application: Joomla!
Affected Version: version 2.1 and prior versions.
Vendor’s URL: Fabrik Component
Bug Type: File Upload
Risk Level: Critical
Solution: Update to version 2.1.1.
Content Management, File Inclusion

Application: WordPress
Affected Version: version 1.9.26 and other versions.
Vendor’s URL: Yet Another Photoblog Plugin
Bug Type: Command Injection
Risk Level: Critical
Solution: Update to version 1.10 or later.
Content Management, Remote Command Execution

Application: WordPress
Affected Version: version 3.8.7.1 and prior versions.
Vendor’s URL: WP e-Commerce Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution: Update to version 3.8.7.2.
Content Management, Cross Site Scripting

Application: Joomla!
Affected Version: versions prior to 1.8.
Vendor’s URL: obSuggest Component
Bug Type: File Inclusion
Risk Level: Critical
Solution: Update to version 1.8.
Content Management, File Inclusion

Application: WordPress
Affected Version: version 3.6.6 and other versions.
Vendor’s URL: AdRotate Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution: Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection

Application: WordPress
Affected Version: version 2.2.3 and prior versions.
Vendor’s URL: Zingiri Web Shop Plugin
Bug Type: Code Injection
Risk Level: Critical
Solution: Update to version 2.2.4.
Content Management, Remote Command Execution

Application: vtiger CRM
Affected Version: version 5.2.1 and other versions.
Vendor’s URL: vtiger CRM
Bug Type: File Inclusion
Risk Level: Critical
Solution: Update to version 5.3.0 RC.
Content Management, File Inclusion

Application: LabWiki
Affected Version: version 1.1 and other versions.
Vendor’s URL: LabWiki
Bug Type: Cross Site Scripting, System Access
Risk Level: Critical
Solution: Edit the source code to ensure that input is properly sanitised and verified.
Access Bypass, Content Management, Cross Site Scripting

Application: zenphoto
Affected Version: version 1.4.1.4 and prior versions.
Vendor’s URL: Ajax File Manager
Bug Type: Code Injection
Risk Level: Critical
Solution: Update to version 1.4.1.5 or later.
Image Galleries, Remote Command Execution

Application: CmyDocument Content Management
Affected Version: CmyDocument (2010-01-10) and other versions.
Vendor’s URL: CmyDocument Content Management
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution: Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting, SQL Injection

Application: Drupal
Affected Version: versions prior to 6.x-2.13.
Vendor’s URL: Views Module
Bug Type: SQL Injection
Risk Level: Critical
Solution: Update to version 6.x-2.13 or later.
Content Management, SQL Injection