SECUNIA ADVISORY ID:
SA37926
VERIFY ADVISORY:
http://secunia.com/advisories/37926/
DESCRIPTION:
Some vulnerabilities have been reported in the Memory Book! component
for Joomla!, which can be exploited by malicious users to conduct SQL
injection attacks and potentially compromise a vulnerable system.
1) Input passed to the event description when adding a new event is
not properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation may require a valid user account.
2) The security issue is caused due to the application improperly
validating uploaded files. This can be exploited to execute arbitrary
PHP code by uploading a PHP file with e.g. an appended ".jpg" file
extension.
Successful exploitation may require a valid user account that Apache
is not configured to handle the mime-type for uploadable media files.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
jdc
ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/10731