Monday, 27 June 2011 14:37

[20110408] - Core - SQL Injection

Rate this item
(0 votes)

[20110408] - Core - SQL Injection

  • Project: Joomla!
  • SubProject: All
  • Severity: Medium
  • Versions: 1.6.1 and 1.6.0
  • Exploit type: SQL Injection
  • Reported Date: 2011-March-12
  • Fixed Date: 2011-April-14

Description

Unescaped values in query leads to SQL injection vulnerability.

Affected Installs

Joomla! version 1.6.1 and 1.6.0 versions

Solution

Upgrade to the latest Joomla! version (1.6.2 or later)

Reported by anonymous.

Contact

The JSST at the Joomla! Security Center.

Read Full Article

More in this category: [20110402] - Core - Information Disclosure »

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.

back to top