SECUNIA ADVISORY ID:
Chip D3 Bi0s has reported two vulnerabilities in the DJ-Catalog
component for Joomla, which can be exploited by malicious people to
conduct SQL injection attacks.
Input passed via the "id" parameter to index.php (if "option" is set
to "com_djcatalog" and "view" to "showItem") and via the "cid"
parameter to index.php (if "option" is set to "com_djcatalog" and
"view" to "show") is not properly sanitised before being used in an
SQL query. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.
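Added example (not part of the Secunia advisory and not DJ-Catalog code): a log review helper that flags requests to the two entry points described above when "id" or "cid" carries an unexpected value. The combined log format, the sample lines and the assumption that a legitimate value is a numeric id with an optional Joomla-style ":alias" suffix are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The "view" values named in the advisory and the parameter each one reads.
VIEW_PARAM = {"showItem": "id", "show": "cid"}
# Assumption: a legitimate value is a numeric id, optionally followed by a
# Joomla-style ":alias" slug. Adjust to what the site really emits.
EXPECTED = re.compile(r"\d+(:[A-Za-z0-9_-]+)?")
# Request target inside a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Constructed sample log lines (documentation IP ranges, made-up requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2009:10:00:00 +0000] "GET /index.php?option=com_djcatalog&view=showItem&id=12 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Oct/2009:10:00:05 +0000] "GET /index.php?option=com_djcatalog&view=show&cid=3:chairs HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Oct/2009:10:01:00 +0000] "GET /index.php?option=com_djcatalog&view=showItem&id=12%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [01/Oct/2009:10:01:02 +0000] "GET /index.php?option=com_djcatalog&view=show&cid=3+OR+1%3D1 HTTP/1.1" 200 9000',
    '192.0.2.44 - - [01/Oct/2009:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=x HTTP/1.1" 200 100',
]


def suspicious_param(target):
    """Return (param, decoded_value) if the request target reaches one of the
    two advisory entry points with an unexpected value, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("index.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    if query.get("option", [""])[-1] != "com_djcatalog":
        return None
    param = VIEW_PARAM.get(query.get("view", [""])[-1])
    if param is None:
        return None
    # A parameter may be repeated; every occurrence has to look like an id.
    for value in query.get(param, []):
        if not EXPECTED.fullmatch(value):
            return (param, value)
    return None


def scan(lines):
    """Return (line_number, param, decoded_value) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hit = suspicious_param(match.group(1)) if match else None
        if hit:
            hits.append((number, *hit))
    return hits
```

Access logs record only the query string, so values submitted in a POST body are not covered by this check.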
Update to fixed version 16-09-2009.
PROVIDED AND/OR DISCOVERED BY:
Chip D3 Bi0s
Chip D3 Bi0s: