DESCRIPTION: A vulnerability has been discovered in the Al-Furqan component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "surano" parameter to index.php (when "option" is set to "com_alfurqan15x" and "action" is set to "viewayat") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is confirmed in version 2.2. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
DESCRIPTION: Valentin Hoebel has reported some vulnerabilities in the JSupport component for Joomla!, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
1) Input passed via the "subject" parameter to index2.php (when "option" is set to "com_jsupport" and "task" is set to "saveTicket") is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
2) Input passed via the "alpha" parameter to administrator/index.php (when "option" is set to "com_jsupport" and "task" is set to "listTickets" or "listFaqs") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of vulnerability #2 (in administrator/index.php) requires "Public Back-end" permissions.
The vulnerabilities are reported in version 1.5.6. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
DESCRIPTION: Salvatore Fresta has discovered a vulnerability in the JQuarks4s component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "q" array index parameter to index.php (when "option" is set to "com_jquarks4s", "task" is set to "submitSurvey", and the "q" parameter is set to "4") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is confirmed in version 1.0.0. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
DESCRIPTION: Some vulnerabilities have been reported in the RSForm! component for Joomla!, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks.
1) Input passed via the "lang" parameter to index.php (when "option" is set to "com_forme") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes.
2) Input passed via the "lang" parameter to index.php (when "option" is set to "com_forme") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities are reported in version 1.0.5. Other versions may also be affected.
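What "edit the source code to ensure that input is properly sanitised" looks like in practice, as an added example that is not code from any of the components above: one function shows the fix pattern for the numeric request parameters used in SQL queries (the Al-Furqan "surano", JSupport "alpha" and JQuarks4s "q" cases), the other the fix for a request parameter used to include a file (the RSForm! "lang" case). It assumes the Joomla 1.5-era API (JRequest, JFactory::getDBO, DS); the table and column names and the language list are placeholders.

```php
<?php
// Added example, not taken from the affected components. Assumes Joomla 1.5 API.
defined('_JEXEC') or die('Restricted access');

// 1) Numeric request parameter used in a SQL query (e.g. the "surano" surah number).
function loadAyatBySura()
{
    // getInt() casts the raw value to an integer, so quotes, UNION ... or comment
    // sequences cannot survive into the query; anything non-numeric becomes 0.
    $surano = JRequest::getInt('surano', 0);
    if ($surano < 1) {
        JError::raiseError(404, JText::_('Invalid sura number'));   // reject, do not query
        return array();
    }

    $db = JFactory::getDBO();
    // (int) again at the point of use, so a later edit that changes where $surano
    // comes from cannot silently reintroduce the injection.
    $query = 'SELECT * FROM ' . $db->nameQuote('#__alfurqan_ayat')    // placeholder table
           . ' WHERE ' . $db->nameQuote('surano') . ' = ' . (int) $surano
           . ' ORDER BY ' . $db->nameQuote('ayatno');                  // placeholder column
    $db->setQuery($query);
    return $db->loadObjectList();
}

// 2) Request parameter used to choose a file to include (the "lang" case).
//    Traversal sequences and URL-encoded NULL bytes are defeated by an allow-list,
//    not by escaping: the user value is only ever compared, never used as a path.
function loadLanguageFile($baseDir)
{
    $allowed = array('english', 'german', 'spanish');   // constructed allow-list
    // getCmd() keeps only [A-Za-z0-9_.-]; "." is still permitted, so "..", and a
    // %00 byte is dropped rather than detected. The in_array() check is the control.
    $lang = JRequest::getCmd('lang', 'english');
    if (!in_array($lang, $allowed, true)) {
        $lang = 'english';
    }
    $path = $baseDir . DS . 'language' . DS . $lang . '.php';
    if (!file_exists($path)) {
        return false;
    }
    require_once $path;
    return true;
}
```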
DESCRIPTION: A vulnerability has been reported in the nBill component for Joomla!, which can be exploited by malicious people to disclose sensitive information.
Certain unspecified input is not properly sanitised before being used, which can be exploited to disclose sensitive information via directory traversal attacks.
The vulnerability is reported in versions 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10. Other versions may also be affected.
SOLUTION: Update to 2.0.9 standard edition, 2.0.10 lite edition, or 1.2_10 and apply the patch.
PROVIDED AND/OR DISCOVERED BY: Discovered in the wild.