Joomla SQL Reports Component "user_id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38678

VERIFY ADVISORY:
http://secunia.com/advisories/38678/

DESCRIPTION:
A vulnerability has been discovered in the SQL Reports component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "user_id" parameter to
administrator/components/com_sqlreport/ajax/print.php is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Snakespc

RECENT ARTICLE

RECENT POST