SECUNIA ADVISORY ID:
Customer Area (Credentials Required)
Multiple vulnerabilities have been discovered in Joomla, which can be
exploited by malicious people to conduct SQL injection attacks.
Input passed via the "filter_order" and "filter_order_Dir" parameters
to index.php (e.g. when "option" is set to "com_weblinks",
"com_contact", or "com_messages") is not properly verified before
being used in a SQL query. This can be exploited to manipulate SQL
queries by injecting limited SQL code, which may result in e.g.
information disclosure via database errors.
The vulnerabilities are reported in versions prior to 1.5.22.
Update to version 1.5.22.
PROVIDED AND/OR DISCOVERED BY:
YGN Ethical Hacker Group