Joomla! Cross-Site Scripting and SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA48005

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48005/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48005

RELEASE DATE:
2012-03-07
DESCRIPTION:
Two vulnerabilities have been reported in Joomla!, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

1) Certain input passed to the Highlight plugin is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

2) Certain input passed to the Redirect plugin is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in versions 2.5.0 and 2.5.1. Prior
versions may also be affected.

SOLUTION:
Update to version 2.5.2.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Phil Purviance
2) The vendor credits Colin Wong

ORIGINAL ADVISORY:
Joomla:
http://developer.joomla.org/security/news/392-20120302-core-xss-vulnerability.html
http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html