Joomla MisterEstate Component "searchstring" SQL Injection 

SECUNIA ADVISORY ID:
SA36351

VERIFY ADVISORY:
http://secunia.com/advisories/36351/

DESCRIPTION:
A vulnerability has been reported in MisterEstate component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed to the parameter "searchstring" when performing a search
is not properly sanitised before being used in SQL queries. This can
be exploited to manipulate SQL queries by injecting arbitrary SQL
code.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
jdc

DOWNLOAD
JOOMLA!

Download Joomla!

Joomla! 4.x Thai Translation Language Packs

Joomla! 3.x Thai Translation Language Packs

OUR NETWORK


CMSPlugin.com
Joomla Extensions, Joomla Templates

Joomla!® User Group Thailand
Joomla!® User Group Thailand


Marvelic Engine Co., Ltd. รับพัฒนาเว็บไซต์ด้วย Joomla! , รับอบรม Joomla , ผู้เชี่ยวชาญ จูมล่า
รับทำเว็บ Joomla, อบรบ Joomla

Ribbon