Archive for the ‘SQL Injection’ Category

Joomla! Zoom Portfolio Component “id” SQL Injection

August 25th, 2010

Application: Joomla!
Affected Version: version 1.5 and other versions.
Vendor’s URL: Zoom Portfolio Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla JGrid Component File Inclusion and SQL Injection

August 25th, 2010

Application: Joomla
Affected Version: version 1.0 and other versions.
Vendor’s URL: JGrid Component
Bug Type: File Inclusion and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, File Inclusion, SQL Injection

Joomla onGallery Component “id” SQLi

August 25th, 2010

Application: Joomla
Affected Version: version 2.0.1 and other versions.
Vendor’s URL: onGallery Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

CMS Source Multiple Vulnerabilities

August 25th, 2010

Application: CMS Source
Affected Version: version 3.0 and other versions.
Vendor’s URL: CMS Source
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Content Management, Cross Site Scripting, SQL Injection

Pligg Multiple SQLi

August 25th, 2010

Application: Pligg
Affected Version: version 1.1.0 and other versions.
Vendor’s URL: Pligg
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.1.1.

Content Management, SQL Injection

Joomla! Teams Component “PlayerID” SQLi

August 25th, 2010

Application: Joomla!
Affected Version: version 1 and other versions.
Vendor’s URL: Teams Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla! Amblog Component “catid” and “articleid” SQLi

August 25th, 2010

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: Amblog Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection, Session Hijacking

WordPress NextGEN Smooth Gallery Plugin “galleryID” SQLi

August 25th, 2010

Application: WordPress
Affected Version: version 1.2 and other versions.
Vendor’s URL: NextGEN Smooth Gallery Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla! Spielothek Component Multiple SQLi

August 25th, 2010

Application: Joomla!
Affected Version: version 1.6.9 and other versions.
Vendor’s URL: Spielothek Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

EasyManage CMS “id” Two SQL Injections

August 25th, 2010

Application: EasyManage CMS
Affected Version:
Vendor’s URL: EasyManage CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Reportedly a patch has been released. Contact the vendor for further information.

Content Management, SQL Injection

Joomla! TTVideo Component “cid” SQLi

July 29th, 2010

Application: Joomla!
Affected Version: version 1.0 and other versions.
Vendor’s URL: TTVideo Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:

Content Management, SQL Injection

Joomla! IT Armory Component Multiple SQLi

July 29th, 2010

Application: Joomla!
Affected Version: version 0.1.4 and other versions.
Vendor’s URL: IT Armory Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

WordPress myLinksDump Plugin “url” SQLi

July 29th, 2010

Application: WordPress
Affected Version:
Vendor’s URL: myLinksDump Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla InstantPhp Jobs Component “detailed_results” SQLi

July 29th, 2010

Application: Joomla
Affected Version: version 1.3.2 and other versions.
Vendor’s URL: InstantPhp Jobs Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.3.

Content Management, SQL Injection

Joomla AutarTimonial Component “limit” SQLi

July 29th, 2010

Application: Joomla
Affected Version: version 1.0.8 and other versions.
Vendor’s URL: AutarTimonial Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

WordPress Simple:Press Plugin “value” SQLi

July 29th, 2010

Application: WordPress
Affected Version: version 4.3.1 and other versions.
Vendor’s URL: Simple:Press Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla BookLibrary From Same Author Module “id” SQLi

July 29th, 2010

Application: Joomla
Affected Version: version 1.5 and other versions.
Vendor’s URL: BookLibrary From Same Author Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.5_2010_06_25.

Content Management, SQL Injection

phpaaCMS “id” SQLi

July 29th, 2010

Application: phpaaCMS
Affected Version: version 0.3.1 UTF-8 and other versions.
Vendor’s URL: phpaaCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Joomla CKForms Component Multiple Vulnerabilities

July 29th, 2010

Application: Joomla
Affected Version: version 1.3.4 and other versions.
Vendor’s URL: CKForms Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised. Change the “Uploaded files path” setting to a directory outside of the web root.

Content Management, SQL Injection

Joomla BookLibrary Component Multiple SQLi

July 29th, 2010

Application: Joomla
Affected Version: version 1.5.3 Basic and other versions.
Vendor’s URL: BookLibrary Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.5.3_2010_06_20.

Content Management, SQL Injection