Joomla! News

Joomla! "id" Parameter SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA21665

VERIFY ADVISORY:
http://secunia.com/advisories/21665/

CRITICAL:
Less critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
Joomla! 1.x
http://secunia.com/product/5788/

DESCRIPTION:
A vulnerability has been discovered in Joomla!, which can be
exploited by malicious users to conduct SQL injection attacks.

For more information:
SA21644

The vulnerability has been confirmed in version 1.0.10. Other
versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

Grant only trusted users "Editor" privileges.

OTHER REFERENCES:
SA21644:
http://secunia.com/advisories/21644/

Joomla Community Builder Component File Inclusion

SECUNIA ADVISORY ID:
SA21636

VERIFY ADVISORY:
http://secunia.com/advisories/21636/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Community Builder 1.x (component for Joomla)
http://secunia.com/product/11706/

DESCRIPTION:
Matdhule has reported a vulnerability in the Community Builder
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in
administrator/components/com_comprofiler/plugin.class.php isn't
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from external and local
resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been reported in versions 1.0 RC 2 and 1.0.
Prior versions may also be affected.

SOLUTION:
Update to version 1.0.1.
http://www.joomlapolis.com/component/option,com_docman/task,cat_view/gid,46/Itemid,36/

PROVIDED AND/OR DISCOVERED BY:
Matdhule

Joomla JIM Component File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA21545

VERIFY ADVISORY:
http://secunia.com/advisories/21545/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
JIM 1.x (component for Joomla)
http://secunia.com/product/11574/

DESCRIPTION:
XORON has discovered a vulnerability in the JIM component for Joomla,
which can be exploited by malicious people to compromise a vulnerable
system.

Input passed to the "mosConfig_absolute_path" parameter in
components/com_jim/install.jim.php is not properly verified, before
it is used to include files. This can be exploited to include
arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 1.0.1. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that the input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
XORON

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2203

Joomla Webring Component "component_dir" File Inclusion

SECUNIA ADVISORY ID:
SA21495

VERIFY ADVISORY:
http://secunia.com/advisories/21495/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Webring 1.x (component for Joomla)
http://secunia.com/product/11410/

DESCRIPTION:
xoron has discovered a vulnerability in the Webring component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

Input passed to the "component_dir" parameter in
administrator/components/com_webring/admin.webring.docs.php isn't
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from external and local
resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 1.0. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
xoron

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2177

Joomla JD-Wiki Component File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA21389

VERIFY ADVISORY:
http://secunia.com/advisories/21389/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
JD-Wiki 1.x (component for Joomla)
http://secunia.com/product/11256/

DESCRIPTION:
jank0 has reported a vulnerability in the JD-Wiki component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in
components/com_jd-wiki/lib/tpl/default/main.php isn't properly
verified, before it is used to include files. This can be exploited
to include arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

SOLUTION:
Update to version 1.0.3:
http://forge.joomla.org/sf/frs/do/downloadFile/projects.joomladeveloping/frs.joomla_1_0_x.components/frs6415?dl=1

PROVIDED AND/OR DISCOVERED BY:
jank0

ORIGINAL ADVISORY:
http://www.joomladeveloping.org/component/option,com_jd-wp/Itemid,29/p,33/
http://milw0rm.com/exploits/2125

Joomla Security Images Component File Inclusion

SECUNIA ADVISORY ID:
SA21260

VERIFY ADVISORY:
http://secunia.com/advisories/21260/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Security Images 3.x (component for Joomla)
http://secunia.com/product/11186/

DESCRIPTION:
Drago84 has discovered some vulnerabilities in the Security Images
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter is not
properly verified before being used to include files. This can be
exploited to execute arbitrary PHP code by including files from local
or external resources.

Affected files:
administrator/components/com_securityimages/configinsert.php
administrator/components/com_securityimages/lang.php

Successful exploitation requires that "register_globals" is enabled.

The vulnerabilities have been confirmed in version 3.0.5. Other
versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
Drago84

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2083
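The Community Builder, JIM, Webring, JD-Wiki and Security Images advisories above all describe the same Joomla 1.0-era pattern: a component file includes something relative to $mosConfig_absolute_path, and with register_globals enabled a direct request can set that variable. The following is an added, constructed example of the hardened form of such a file, not code from any of the affected components; the file and helper names are assumptions.

```php
<?php
/*
 * Constructed example of a hardened Joomla 1.0 component file. The
 * vulnerable files in the advisories above did, in effect,
 *
 *     require_once($mosConfig_absolute_path . '/includes/something.php');
 *
 * with nothing before it. Loaded through index.php that is fine, because
 * Joomla's configuration.php has already set $mosConfig_absolute_path.
 * Requested directly with register_globals=On, the request parameter
 * mosConfig_absolute_path initialises the same variable, so the include
 * path (local, or remote when allow_url_fopen is on) is attacker-chosen.
 */

// 1. Refuse direct requests. Joomla's index.php defines _VALID_MOS before
//    dispatching to a component, so a request that reaches this file any
//    other way has bypassed the front controller and stops here.
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');

// 2. Do not trust a global that register_globals may have seeded. Derive
//    the install path from this file's own location instead.
$componentBase = dirname(__FILE__);                 // .../components/com_example (assumed)
$absolutePath  = dirname(dirname($componentBase));  // site root

// 3. Include one fixed file under that root and verify the resolved path
//    is still inside the root before including it.
$siteRoot = realpath($absolutePath);
$helper   = realpath($absolutePath . '/includes/example.helper.php'); // assumed helper
if ($helper === false || $siteRoot === false
    || strpos($helper, $siteRoot . DIRECTORY_SEPARATOR) !== 0) {
    die('Helper file missing or outside the site root.');
}
require_once($helper);

// 4. The advisories' second recommendation, made visible: if the host still
//    runs with register_globals on, warn instead of silently continuing.
if (ini_get('register_globals')) {
    trigger_error('register_globals is enabled; set it to Off in php.ini', E_USER_WARNING);
}
```

Step 1 alone closes the direct-access path the advisories describe; steps 2 to 4 remove the dependence on a request-controllable global entirely, so the file stays safe even on a host where register_globals is later switched back on.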
