2 matches found
CVE-2010-2515
CVE-2010-2515 affects Joomla! with the JFaq (com_jfaq) component 1.2. Multiple SQL injection flaws exist in index.php when magic_quotes_gpc is disabled. An unauthenticated remote attacker can exploit the id parameter to run arbitrary SQL commands, and remote authenticated users with "Public Front...
CVE-2010-2514
CVE-2010-2514 affects the JFaq (com_jfaq) component version 1.2 for Joomla!. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php. The root cause is improper handling of...