source: https://www.securityfocus.com/bid/26707/info

Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Joomla! 1.5 RC3 is vulnerable; other versions may also be affected.

UPDATE (December 10, 2007): The validity of the issues is being disputed on the Joomla! Bug Tracker. Please see the references for details. Reports indicate that the related message was posted by a Joomla! developer, but this has not been confirmed.

http://www.example.com/index.php?searchword=&task=somechars%27+%2B+%27search&option=com_search

http://www.example.com/index.php?searchword=&task=search&option=somechars%27+%2B+%27com_search
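
A detection-side check for the two request patterns above, added here as an example and not part of the original advisory or of Joomla!: it URL-decodes each request's query string and flags `task` or `option` values that contain anything other than identifier characters. The identifier rule, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the routing parameters shown in the advisory's URLs should only
# ever carry plain identifiers such as "search" or "com_search".
ROUTING_PARAMS = ("task", "option")
IDENTIFIER = re.compile(r"[A-Za-z0-9_.-]*")
# Client address and request target from a combined-log-format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_params(url):
    """Return (name, decoded value) pairs whose value is not a plain identifier."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [(name, value) for name, value in pairs
            if name in ROUTING_PARAMS and not IDENTIFIER.fullmatch(value)]


def scan_access_log(lines):
    """Return (client, target, hits) for each log line with a flagged parameter."""
    findings = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line this pattern understands
        client, target = match.groups()
        hits = suspicious_params(target)
        if hits:
            findings.append((client, target, hits))
    return findings


# Constructed sample log lines (documentation-range addresses); the second and
# third carry the query strings from the advisory's two URLs.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2007:10:00:01 +0000] "GET /index.php?searchword=joomla&task=search&option=com_search HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Dec/2007:10:00:02 +0000] "GET /index.php?searchword=&task=somechars%27+%2B+%27search&option=com_search HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Dec/2007:10:00:03 +0000] "GET /index.php?searchword=&task=search&option=somechars%27+%2B+%27com_search HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, target, hits in scan_access_log(SAMPLE_LOG):
        print(client, target, hits)
```

The decoded values make the pattern visible: `%27+%2B+%27` becomes `' + '`, a quote-and-concatenation sequence that has no place in a component or task name.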