Archive for the ‘SQL Injection’ Category

Joomla Webee Comments Component “articleId” SQLi

February 23rd, 2010

Application: Joomla
Affected Version: version 2.0 and other versions.
Vendor’s URL: Webee Comments Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla JQuarks Component “id” SQLi

February 23rd, 2010

Application: Joomla
Affected Version: version 0.2.3 and other versions.
Vendor’s URL: JQuarks Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.2.4 or later.

Content Management, SQL Injection

Joomla Productbook Component “id” SQLi

February 23rd, 2010

Application: Joomla
Affected Version: version 1.0.4
Vendor’s URL: Productbook Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla JEvents Search Plugin SQLi

February 23rd, 2010

Application: Joomla
Affected Version: versions prior to 1.5.3b
Vendor’s URL: JEvents Search Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.5.3b or later.

Content Management, SQL Injection

Joomla! jVideoDirect Component “v” SQLi

February 23rd, 2010

Application: Joomla!
Affected Version: version 1.1RC3b and other versions.
Vendor’s URL: jVideoDirect Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla! Documents Seller Component “category_id” SQLi

February 23rd, 2010

Application: Joomla!
Affected Version: version 2.5.1 and other versions.
Vendor’s URL: Documents Seller Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

Content Management, SQL Injection

Joomla! JE Event Calendars Component “event_id” SQLi

February 23rd, 2010

Application: Joomla
Affected Version: version 1.0
Vendor’s URL: JE Event Calendars Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla JBDiary Component Multiple SQLi

January 27th, 2010

Application: Joomla
Affected Version: version 1.6 and other versions.
Vendor’s URL: JBDiary Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla Document Seller for Docman Component “id” SQLi

January 27th, 2010

Application: Joomla
Affected Version: version 2.1
Vendor’s URL: Document Seller for Docman Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla jEmbed-Embed Anything Component “catid” SQLi

January 27th, 2010

Application: Joomla
Affected Version:
Vendor’s URL: jEmbed-Embed Anything Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla! TPJobs Component “id_c[]” SQLi

January 27th, 2010

Application: Joomla
Affected Version: versions prior to 1.1
Vendor’s URL: TPJobs Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, SQL Injection

Xoops XSS and SQLi

January 27th, 2010

Application: Xoops
Affected Version: version 2.4.2 and prior versions.
Vendor’s URL: Xoops
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium

Solution:
Update to version 2.4.3.

Content Management, Cross Site Scripting, SQL Injection

Joomla! BeeHeard Component “category_id” SQLi

January 27th, 2010

Application: Joomla!
Affected Version:
Vendor’s URL: BeeHeard Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

Content Management, SQL Injection

Joomla JEEMA Article Collection Component “catid” SQLi

December 24th, 2009

Application: Joomla
Affected Version: version 1.0.0.1 and other versions.
Vendor’s URL: JEEMA Article Collection Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla JoomPortfolio Component “secid” SQLi

December 24th, 2009

Application: Joomla
Affected Version: version 1.0.0 and other versions.
Vendor’s URL: JoomPortfolio Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

WP-Forum Multiple SQLi

December 24th, 2009

Application: WP-Forum
Affected Version: versions 2.3 and 2.4 and other versions.
Vendor’s URL: WP-Forum
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Discussion Boards, SQL Injection

Invision Power Board Script Insertion and SQLi

December 24th, 2009

Application: Invision Power Board
Affected Version: version 2.3.6 and other versions.
Vendor’s URL: Invision Power Board
Bug Type: Script Insertion and SQL Injection
Risk Level: Medium

Solution:
Upgrade to version 3.0.5 or later.

Discussion Boards, SQL Injection

Joomla JPhoto Component “id” SQLi

December 24th, 2009

Application: Joomla
Affected Version: version 1.0
Vendor’s URL: JPhoto Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1 or later.

Content Management, SQL Injection

Joomla Joaktree Component “treeId” SQLi

December 24th, 2009

Application: Joomla
Affected Version: version 1.0 and others
Vendor’s URL: Joaktree Component
Bug Type: SQL Injection
Risk Level: High

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla LyftenBloggie Component “author” SQLi

December 1st, 2009

Application: Joomla
Affected Version: version 1.0.4 and other versions
Vendor’s URL: LyftenBloggie Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection