Joomla! Quiz Component "tid" SQL Injection

SECUNIA ADVISORY ID:
SA28980

VERIFY ADVISORY:
http://secunia.com/advisories/28980/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
Quiz 0.x (component for Joomla)
http://secunia.com/product/17582/

DESCRIPTION:
S@BUN has discovered a vulnerability in the Quiz component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

For more information:
SA28940

The vulnerability is confirmed in version 0.81. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
S@BUN

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/5119

OTHER REFERENCES:
SA28940:
http://secunia.com/advisories/28940/

RECENT ARTICLE

RECENT POST