Joomla! Freestyle FAQs and Testimonials Components Unspecified SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA46573

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46573/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46573

RELEASE DATE:
2011-10-25
DESCRIPTION:
A vulnerability has been reported in the Freestyle FAQs and Freestyle
Testimonials components for Joomla!, which can be exploited by
malicious people to conduct SQL injection attacks.

Certain unspecified input is not properly sanitised before being used
in SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

The vulnerability is reported in version 1.5.6. Other versions may
also be affected.

SOLUTION:
Update to version 1.9.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
Freestyle:
http://freestyle-joomla.com/index.php?announceid=43

Joomla:
http://docs.joomla.org/Vulnerable_Extensions_List#Freestyle_FAQ_1.5.6

RECENT ARTICLE

RECENT POST