Joomla GBU Facebook Component "face_id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA39487

VERIFY ADVISORY:
http://secunia.com/advisories/39487/

DESCRIPTION:
A vulnerability has been discovered in the GBU Facebook component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "face_id" parameter to index.php (when "option"
is set to "com_gbufacebook" and "task" is set to "show_face") is not
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0.5. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
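
Until the code is fixed, web server access logs can be screened for requests matching the parameters named in the description. The Python script below is an added example, not part of the Secunia advisory or the component's code. It assumes combined-format access logs and that a legitimate "face_id" is a plain decimal integer; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_face_id(log_line):
    """Return the decoded face_id if the line is a com_gbufacebook
    show_face request whose face_id is not a plain integer, else None.
    Only the query string is inspected; POST bodies are not logged."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith(("/", "index.php")):
        return None
    # parse_qs percent-decodes values; PHP uses the last duplicate of a key.
    params = parse_qs(url.query, keep_blank_values=True)
    if params.get("option", [""])[-1].lower() != "com_gbufacebook":
        return None
    if params.get("task", [""])[-1].lower() != "show_face":
        return None
    for value in params.get("face_id", []):
        # Assumption: a legitimate face_id is a plain decimal integer.
        if not re.fullmatch(r"\d+", value):
            return value
    return None

def scan(lines):
    """Return (line_number, face_id) for every suspicious line."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_face_id(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
BASE = "/index.php?option=com_gbufacebook&task=show_face&face_id="
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2010:10:00:01 +0000] "GET %s12 HTTP/1.1" 200 5120' % BASE,
    '203.0.113.9 - - [10/Apr/2010:10:00:07 +0000] "GET %s12%%27 HTTP/1.1" 500 310' % BASE,
    '203.0.113.9 - - [10/Apr/2010:10:00:09 +0000] "GET /index.php?option=com_content&id=3 HTTP/1.1" 200 8100',
    '198.51.100.4 - - [10/Apr/2010:10:01:30 +0000] "GET %sabc+def HTTP/1.1" 200 420' % BASE,
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print("line %d: non-numeric face_id %r" % (number, value))
```

A hit is a lead for review rather than proof of exploitation, since the integer assumption may not hold for every installation.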

PROVIDED AND/OR DISCOVERED BY:
kaMtiEz
