Joomla! Related Items Module SQL Injection

2006-06-26T04:34:16
ID OSVDB:26911
Type osvdb
Reporter OSVDB
Modified 2006-06-26T04:34:16

Description

Vulnerability Description

Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the application not properly sanitizing user-supplied input to the 'Related Items' module. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Upgrade to version 1.0.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://www.joomla.org/content/view/1510/74/
Secunia Advisory ID: 20874
Related OSVDB ID: 26913
Related OSVDB ID: 26914
Related OSVDB ID: 26916
Related OSVDB ID: 26917
Related OSVDB ID: 26910
Related OSVDB ID: 26912
Related OSVDB ID: 26915
Related OSVDB ID: 26918
ISS X-Force ID: 27520
CVE-2006-3481
Bugtraq ID: 18742