Joomla! SectionEx Component Two SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA54424

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/54424/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=54424

RELEASE DATE:
2013-08-06
DESCRIPTION:
Matias Fontanini has reported two vulnerabilities in the SectionEx
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Input passed via the "filter_order" and "filter_order_Dir" POST
parameters to index.php (when "option" is set to "com_sectionex" and
"view" is set to "category") is not properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.

The vulnerabilities are reported in versions prior to 2.5.104.

SOLUTION:
Update to version 2.5.104.

PROVIDED AND/OR DISCOVERED BY:
Matias Fontanini

ORIGINAL ADVISORY:
SectionEx:
http://stackideas.com/downloads/changelog/sectionex

RECENT ARTICLE

RECENT POST