Menu

[20110408] – Core – SQL Injection

April 15th, 2011

  • Project: Joomla!
  • SubProject: All
  • Severity: Medium
  • Versions: 1.6.1 and 1.6.0
  • Exploit type: SQL Injection
  • Reported Date: 2011-March-12
  • Fixed Date: 2011-April-14

Description

Unescaped values in query leads to SQL injection vulnerability.

Affected Installs

Joomla! version 1.6.1 and 1.6.0 versions

Solution

Upgrade to the latest Joomla! version (1.6.2 or later)

Reported by anonymous.

Contact

The JSST at the Joomla! Security Center.