Joomla Component Joomlub "aid" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA36607

VERIFY ADVISORY:
http://secunia.com/advisories/36607/

DESCRIPTION:
A vulnerability has been reported in Joomlub, which can be exploited
by malicious people to conduct SQL injection attacks.

Input passed via the "aid" parameter to index.php (if "option" is set
to "com_joomlub", "controller" and "view" are set to "auction", and
"task" is set to "edit") is not properly sanitised before being used
in SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

SOLUTION:
Reportedly fixed. Contact the vendor for additional information.
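
One way to review web server access logs for requests that hit the route
described above with a non-numeric "aid" value. This is an added example,
not part of the original advisory or the vendor's code. It assumes
combined-format access logs and that a legitimate "aid" is a plain integer;
the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Route conditions as stated in the advisory text.
ROUTE = {"option": "com_joomlub", "controller": "auction",
         "view": "auction", "task": "edit"}
# Assumption: common/combined log format with the request line in quotes.
# Only the query string is visible here; POST bodies are not logged.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate auction id is a short run of ASCII digits.
VALID_AID = re.compile(r"[0-9]{1,10}")

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2009:10:00:01 +0000] "GET /index.php?option=com_joomlub'
    '&controller=auction&view=auction&task=edit&aid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Sep/2009:10:02:44 +0000] "GET /index.php?option=com_joomlub'
    '&controller=auction&view=auction&task=edit&aid=12%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [10/Sep/2009:10:03:02 +0000] "GET /index.php?option=com_content'
    '&view=article&id=3%27 HTTP/1.1" 200 900',
]


def suspicious_aid(log_line):
    """Return the decoded "aid" value when the request matches the advisory's
    route and "aid" is not a plain integer; return None otherwise."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith(("index.php", "/")):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # also URL-decodes
    for key, expected in ROUTE.items():
        if expected not in [v.lower() for v in params.get(key, [])]:
            return None
    for value in params.get("aid", []):
        if not VALID_AID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, aid_value) for every flagged line."""
    pairs = ((n, suspicious_aid(line)) for n, line in enumerate(lines, 1))
    return [(n, aid) for n, aid in pairs if aid is not None]
```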

PROVIDED AND/OR DISCOVERED BY:
599eme Man

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/9593
