SECUNIA ADVISORY ID:
A vulnerability has been discovered in the Search Log component for
Joomla, which can be exploited by malicious users to conduct SQL

Input passed via the "search" parameter to administrator/index.php
(when "option" is set to "com_searchlog" and "act" is set to "log")
is not properly sanitised before being used in a SQL query. This can
be exploited to manipulate SQL queries by injecting arbitrary SQL

Successful exploitation requires "Public Back-end" permissions.

The vulnerability is confirmed in version 3.1.0. Other versions may
also be affected.

Edit the source code to ensure that input is properly sanitised.
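
The kind of source change the solution calls for, as an added example that is not code from the Search Log component or from this advisory: a log search built by string concatenation beside the same search with a bound parameter. The table, column and function names are hypothetical, the rows and request values are constructed, and an in-memory SQLite database via PDO stands in for the Joomla database layer.

```php
<?php
// Added illustration: table, column and function names are hypothetical,
// not taken from com_searchlog. Rows and request values are constructed.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE search_log (id INTEGER PRIMARY KEY, term TEXT)');
    $ins = $db->prepare('INSERT INTO search_log (term) VALUES (?)');
    foreach (["joomla templates", "o'reilly books", "100% cotton", "contact form"] as $t) {
        $ins->execute([$t]);
    }
    return $db;
}

// Weak pattern: the request value becomes part of the SQL text, so a quote
// character in it changes the structure of the statement.
function find_terms_concat(PDO $db, string $search): array {
    $sql = "SELECT term FROM search_log WHERE term LIKE '%" . $search . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Corrected pattern: the statement text is fixed and the value is bound.
// LIKE wildcards in the value are escaped so they are matched literally.
function find_terms_bound(PDO $db, string $search): array {
    $literal = addcslashes($search, '\\%_');
    $stmt = $db->prepare(
        "SELECT term FROM search_log WHERE term LIKE :pat ESCAPE '\\' ORDER BY id"
    );
    $stmt->execute([':pat' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = make_db();
$search = "o'reilly";   // constructed stand-in for the "search" request value

try {
    find_terms_concat($db, $search);
    echo "concat: query ran\n";
} catch (PDOException $e) {
    // The quote in the value ended the string literal early.
    echo "concat: input altered the statement (" . $e->getMessage() . ")\n";
}

print_r(find_terms_bound($db, $search));  // value containing a quote
print_r(find_terms_bound($db, "100%"));   // value containing a LIKE wildcard
```
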
PROVIDED AND/OR DISCOVERED BY: