DESCRIPTION: A vulnerability has been reported in the Mosets Tree component for Joomla!, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. change the template by tricking a privileged user into visiting a malicious web site while being logged-in to the application.
The vulnerability is reported in version 2.1.6. Prior versions may also be affected.

DESCRIPTION: A vulnerability has been reported in the Maian Media Silver component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "cat" parameter to index.php (when "option" is set to "com_maianmedia" and "view" is set to "music") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
SOLUTION: An update has been made available by the vendor.

DESCRIPTION: A vulnerability has been discovered in the Al-Furqan component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "surano" parameter to index.php (when "option" is set to "com_alfurqan15x" and "action" is set to "viewayat") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is confirmed in version 2.2. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.

DESCRIPTION: Valentin Hoebel has reported some vulnerabilities in the JSupport component for Joomla!, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
1) Input passed via the "subject" parameter to index2.php (when "option" is set to "com_jsupport" and "task" is set to "saveTicket") is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed.
2) Input passed via the "alpha" parameter to administrator/index.php (when "option" is set to "com_jsupport" and "task" is set to "listTickets" or "listFaqs") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of this vulnerability requires "Public Back-end" permissions.
The vulnerabilities are reported in version 1.5.6. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.

DESCRIPTION: Salvatore Fresta has discovered a vulnerability in the JQuarks4s component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "q" array index parameter to index.php (when "option" is set to "com_jquarks4s", "task" is set to "submitSurvey", and the "q" parameter is set to "4") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is confirmed in version 1.0.0. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.