Joomla Jobline Component "search" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA35877

VERIFY ADVISORY:
http://secunia.com/advisories/35877/

DESCRIPTION:
ManhLuat93 has discovered a vulnerability in the Jobline component
for Joomla!, which can be exploited by malicious people to conduct
SQL injection attacks.

Input passed to the "search" parameter in
components/com_jobline/jobline.php is not properly sanitised before
being used in SQL queries. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is
disabled.

The vulnerability is confirmed in version 1.1.2.2. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
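
The kind of change this calls for, as an added example that is not Jobline's code: a search query built by concatenation beside the same query with the value bound, so its safety no longer depends on "magic_quotes_gpc". The table, rows and function names are constructed for illustration, and PDO with in-memory SQLite is assumed so the script runs on its own.

```php
<?php
// Added example: constructed schema and data, not taken from com_jobline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO jobs (title) VALUES
           ('Chef d''equipe'), ('100% remote admin'), ('Clerk')");

// Pattern the advisory describes: request input concatenated into the SQL
// text. It only holds together while magic_quotes_gpc adds backslashes
// upstream, which is a server setting the code does not control.
function search_concat(PDO $db, string $search): array
{
    $sql = "SELECT title FROM jobs WHERE title LIKE '%" . $search . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the value is bound and never becomes part of the SQL text.
// LIKE metacharacters are escaped so they match literally.
function search_bound(PDO $db, string $search): array
{
    $search  = substr($search, 0, 100);               // assumed length limit
    $pattern = '%' . addcslashes($search, '\\%_') . '%';
    $stmt = $db->prepare(
        "SELECT title FROM jobs WHERE title LIKE :p ESCAPE '\\'"
    );
    $stmt->execute([':p' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: an ordinary apostrophe and a LIKE wildcard.
foreach (["d'equipe", "_"] as $input) {
    try {
        $rows = json_encode(search_concat($db, $input));
    } catch (PDOException $e) {
        // The quote in the input changed the statement's structure.
        $rows = 'query rejected by the database';
    }
    echo "concat [$input]: $rows\n";
    echo "bound  [$input]: " . json_encode(search_bound($db, $input)) . "\n";
}
```

An apostrophe in a legitimate search term is enough to break the concatenated statement, which makes it a convenient regression check after patching.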

PROVIDED AND/OR DISCOVERED BY:
ManhLuat93

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/9187
