Application: Joomla!
Affected Version: version 1.5 and other versions.
Vendor’s URL: Zoom Portfolio Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla
Affected Version: Version 1.0 and other versions.
Vendor’s URL: JGrid Component
Bug Type: File Inclusion and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, File Inclusion, SQL Injection

Application: Free Simple CMS
Affected Version: version 1.0 and other versions.
Vendor’s URL: Free Simple CMS
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

Application: CMSQLite
Affected Version: version 1.3.1 and other versions.
Vendor’s URL: CMSQLite
Bug Type: File Upload and Security Bypass
Risk Level: Critical

Solution:
Restrict access to the “admin” directory (e.g. via a “.htaccess” file).

Access Bypass, Content Management, File Inclusion

Application: Joomla
Affected Version: version 2.0.1 and other versions.
Vendor’s URL: onGallery Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: CMS Source
Affected Version: version 3.0 and other versions.
Vendor’s URL: CMS Source
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Content Management, Cross Site Scripting, SQL Injection

Application: Pligg
Affected Version: version 1.1.0 and other versions.
Vendor’s URL: Pligg
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.1.

Content Management, SQL Injection

Application: Joomla!
Affected Version: Version 1 and other versions.
Vendor’s URL: Teams Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: Amblog Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection, Session Hijacking

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: cgTestimonial Component
Bug Type: Cross Site Scripting and File Upload
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Restrict access to the components/com_cgtestimonial/user_images directory (e.g. via .htaccess)

Content Management, Cross Site Scripting, File Inclusion

Application: WordPress
Affected Version: version 1.2 and other versions.
Vendor’s URL: NextGEN Smooth Gallery Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla!
Affected Version: version 1.6.9 and other versions.
Vendor’s URL: Spielothek Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: EasyManage CMS
Affected Version:
Vendor’s URL: EasyManage CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Reportedly a patch has been released. Contact the vendor for further information.

Content Management, SQL Injection

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: TTVideo Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:

Content Management, SQL Injection

Application: Joomla!
Affected Version: version 0.1.4 and other versions.
Vendor’s URL: IT Armory Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla
Affected Version: versions prior to 2.1.2.
Vendor’s URL: Frei-Chat Component
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 2.1.2.

Content Management, Cross Site Scripting

Application: WordPress
Affected Version:
Vendor’s URL: myLinksDump Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Joomla
Affected Version: version 1.3.2 and other versions
Vendor’s URL: InstantPhp Jobs Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.3.

Content Management, SQL Injection

Application: CMS Made Simple
Affected Version: version 1.4.1 and other versions.
Vendor’s URL: Download Manager Module
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the “modules/DownloadManager/lib/simple-upload/example.php” script (e.g. via .htaccess)

Content Management, File Inclusion

Application: Joomla
Affected Version: version 1.0.8 and other versions.
Vendor’s URL: AutarTimonial Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection