Application: Joomla!
Affected Version: version 1.5 and other versions.
Vendor’s URL: Zoom Portfolio Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla
Affected Version: version 1.0 and other versions.
Vendor’s URL: JGrid Component
Bug Type: File Inclusion and SQL Injection
Risk Level: Critical
Solution:
Update to version 1.1.
Content Management, File Inclusion, SQL Injection
Application: Joomla
Affected Version: version 2.0.1 and other versions.
Vendor’s URL: onGallery Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: CMS Source
Affected Version: version 3.0 and other versions.
Vendor’s URL: CMS Source
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitised and verified.
Content Management, Cross Site Scripting, SQL Injection
Application: Pligg
Affected Version: version 1.1.0 and other versions.
Vendor’s URL: Pligg
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.1.1.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 1 and other versions.
Vendor’s URL: Teams Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: Amblog Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection, Session Hijacking
Application: WordPress
Affected Version: version 1.2 and other versions.
Vendor’s URL: NextGEN Smooth Gallery Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 1.6.9 and other versions.
Vendor’s URL: Spielothek Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: EasyManage CMS
Affected Version:
Vendor’s URL: EasyManage CMS
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Reportedly a patch has been released. Contact the vendor for further information.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: TTVideo Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 0.1.4 and other versions.
Vendor’s URL: IT Armory Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: WordPress
Affected Version:
Vendor’s URL: myLinksDump Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla
Affected Version: version 1.3.2 and other versions.
Vendor’s URL: InstantPhp Jobs Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.3.3.
Content Management, SQL Injection
Application: Joomla
Affected Version: version 1.0.8 and other versions.
Vendor’s URL: AutarTimonial Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: WordPress
Affected Version: version 4.3.1 and other versions.
Vendor’s URL: Simple:Press Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla
Affected Version: version 1.5 and other versions.
Vendor’s URL: BookLibrary From Same Author Module
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.5_2010_06_25.
Content Management, SQL Injection
Application: phpaaCMS
Affected Version: version 0.3.1 UTF-8 and other versions.
Vendor’s URL: phpaaCMS
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla
Affected Version: version 1.3.4 and other versions.
Vendor’s URL: CKForms Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised. Change the “Uploaded files path” setting to a directory outside of the web root.
Content Management, SQL Injection
Application: Joomla
Affected Version: version 1.5.3 Basic and other versions.
Vendor’s URL: BookLibrary Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 1.5.3_2010_06_20.
Content Management, SQL Injection