Domingo, 13 Mayo 2012 11:41

[20120301] - Core - SQL Injection Featured

Rate this item
(0 votes)

[20120301] - Core - SQL Injection

  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.1, 2.5.0 and 1.7.0 - 1.7.5
  • Exploit type: SQL Injection
  • Reported Date: 2012-February-29
  • Fixed Date: 2012-March-05

Description

Inadequate escaping leads to SQL injection vulnerability.

Affected Installs

Joomla! version 2.5.1, 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.2

Reported by Ching Shiong Sow, Stratsec

Contact

The JSST at the Joomla! Security Center.

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.