Joomla CB Resume Builder Component "group_id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA36954

VERIFY ADVISORY:
http://secunia.com/advisories/36954/

DESCRIPTION:
kaMtiEz has reported a vulnerability in the CB Resume Builder
component for Joomla, which can be exploited by malicious people to
conduct SQL injection attacks.

Input passed via the "group_id" parameter to index.php (if "option"
is set to "com_cbresumebuilder" and "task" is set to "group_member")
is not properly sanitised before being used in an SQL query. This can
be exploited to manipulate SQL queries by injecting arbitrary SQL
code.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
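
One way to apply this fix, shown as an added example that is not
taken from the CB Resume Builder source: validate "group_id" as an
integer and pass it to the query as a bound parameter. The table,
column and function names are hypothetical, and the data is
constructed in an in-memory SQLite database (requires pdo_sqlite).

```php
<?php
// Added example. Table, column and function names are hypothetical;
// they are not taken from the component's code.

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE group_members (group_id INTEGER, name TEXT)');
$db->exec("INSERT INTO group_members VALUES (7, 'alice'), (7, 'bob'), (8, 'carol')");

// Unsafe pattern of the kind the advisory describes (do not use):
//   "SELECT name FROM group_members WHERE group_id = " . $_GET['group_id']

// Accept only a positive integer. Arrays, empty strings and strings with
// trailing text are rejected instead of being silently truncated.
function parse_group_id($raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 1)));
    return $id === false ? null : $id;
}

function group_members(PDO $db, $rawGroupId)
{
    $groupId = parse_group_id($rawGroupId);
    if ($groupId === null) {
        return array();   // invalid id: no query is run at all
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT name FROM group_members WHERE group_id = :gid ORDER BY name');
    $stmt->bindValue(':gid', $groupId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs standing in for the "group_id" request parameter.
foreach (array('7', '8', '7 OR 1=1', 'abc', '') as $raw) {
    printf("%-12s => %s\n", var_export($raw, true),
           json_encode(group_members($db, $raw)));
}
```

Inside Joomla 1.5 code the same integer check is usually done by
reading the parameter with JRequest::getInt('group_id'), which casts
the value to an integer rather than rejecting it.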

PROVIDED AND/OR DISCOVERED BY:
kaMtiEz
