SECUNIA ADVISORY ID:
SA38404
VERIFY ADVISORY:
http://secunia.com/advisories/38404/
DESCRIPTION:
A vulnerability has been reported in the JEvents Search plugin for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.
Input passed to the "plgSearchEventsearch::onSearch()" method in
eventsearch.php is not properly sanitised before being used in a SQL
query. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.
The vulnerability is reported in versions prior to 1.5.3b.
SOLUTION:
Update to version 1.5.3b or later.
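One way to check an installed copy against the fixed release named above, as an added example that is not part of the Secunia advisory or the JEvents code. The manifest layout, the constructed sample manifest and the ordering of letter suffixes (1.5.3 < 1.5.3a < 1.5.3b) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

FIXED = "1.5.3b"  # first fixed release named in the advisory

# Constructed sample: assumed shape of a Joomla 1.5 plugin manifest.
SAMPLE_MANIFEST = """<install version="1.5" type="plugin" group="search">
  <name>Search - JEvents (constructed sample)</name>
  <version>1.5.3</version>
</install>"""


def parse_version(text):
    """Split '1.5.3b' into ((1, 5, 3), 'b'); the letter suffix may be empty."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)([a-z]?)\s*", text.lower())
    if m is None:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2)


def is_affected(installed, fixed=FIXED):
    """True when 'installed' sorts before the fixed release.

    Assumed ordering: numeric parts compare first, then the suffix,
    with no suffix sorting before 'a', 'a' before 'b', and so on.
    """
    return parse_version(installed) < parse_version(fixed)


def manifest_version(xml_text):
    """Return the text of the top-level <version> element of a manifest."""
    version = ET.fromstring(xml_text).findtext("version")
    if version is None:
        raise ValueError("manifest has no <version> element")
    return version.strip()


if __name__ == "__main__":
    found = manifest_version(SAMPLE_MANIFEST)
    state = "affected, update" if is_affected(found) else "not affected"
    print("plugin version %s: %s (fixed in %s)" % (found, state, FIXED))
```

An unparseable version string raises ValueError rather than being reported as unaffected, so unknown builds get reviewed by hand.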
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.jevents.net/forum/viewtopic.php?f=17&t=3910#p15526