Thursday, 04 February 2010, 15:29
Written by DOCMan LaiThai
SECUNIA ADVISORY ID: SA38404
VERIFY ADVISORY: http://secunia.com/advisories/38404/
DESCRIPTION: A vulnerability has been reported in the JEvents Search plugin for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "plgSearchEventsearch::onSearch()" method in eventsearch.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is reported in versions prior to 1.5.3b.
SOLUTION: Update to version 1.5.3b or later.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.jevents.net/forum/viewtopic.php?f=17&t=3910#p15526
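An illustration of the flaw class the description names, added here and not taken from eventsearch.php or the JEvents project: a search handler that concatenates the search text into a LIKE clause, next to one that binds it as data. The table, function names and sample rows are constructed, and PDO with in-memory SQLite stands in for Joomla's database layer.

```php
<?php
// Constructed stand-in for an events table; this is not the JEvents schema.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)");
    $ins = $db->prepare("INSERT INTO events (title, published) VALUES (?, ?)");
    $rows = [["O'Brien's retirement party", 1], ["100% off sale", 1], ["Board meeting", 0]];
    foreach ($rows as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Weak form: the search text becomes part of the SQL statement itself,
// so any quote character in it changes how the statement is parsed.
function search_concat(PDO $db, string $text): array {
    $sql = "SELECT title FROM events WHERE published = 1 AND title LIKE '%" . $text . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the text is bound as a parameter and never parsed as SQL.
// LIKE wildcards (% and _) inside the text are escaped so they match literally.
function search_bound(PDO $db, string $text): array {
    $like = '%' . addcslashes($text, '%_\\') . '%';
    $stmt = $db->prepare(
        "SELECT title FROM events WHERE published = 1 AND title LIKE ? ESCAPE '\\'"
    );
    $stmt->execute([$like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = make_db();

// An ordinary search term containing an apostrophe is enough to show the
// difference: the concatenated statement no longer parses.
try {
    search_concat($db, "O'Brien");
} catch (PDOException $e) {
    echo "concat: statement broke: ", $e->getMessage(), "\n";
}

// The bound version treats the same term, and a bare wildcard, as plain text.
print_r(search_bound($db, "O'Brien"));
print_r(search_bound($db, "%"));
```

Joomla 1.5's core search plugins get the same effect through the database object, with `$db->Quote('%' . $db->getEscaped($text, true) . '%', false)`.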