Joomla! News

Joomla! / Mambo Remository Component Arbitrary File Upload Vulnerability

SECUNIA ADVISORY ID:
SA41161

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41161/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41161

RELEASE DATE:
2010-08-27

DESCRIPTION:
A vulnerability has been discovered in the Remository component for
Joomla! / Mambo, which can be exploited by malicious users to
compromise a vulnerable system.

The vulnerability is caused due to an error in the application when
uploading thumbnails, which allows uploading of files with arbitrary
extensions to a folder inside the webroot. This can be exploited to
e.g. execute arbitrary PHP code by uploading a PHP file.

NOTE: The stored file name is based on the original file name and a
time stamp, which is predictable.

The vulnerability is confirmed in version 3.53.5J on Joomla!. Other
versions may also be affected.

SOLUTION:
Restrict access to the "components/com_remository_files" directory
(e.g. via .htaccess).

PROVIDED AND/OR DISCOVERED BY:
J3yk0ob

Joomla! Zoom Portfolio Component "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA41047

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41047/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41047

RELEASE DATE:
2010-08-24

DESCRIPTION:
A vulnerability has been reported in the Zoom Portfolio component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "id" parameter to index.php (when "option" is
set to "com_zoomportfolio" and "view" is set to "portfolio") is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.5. Other versions may also
be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Chip D3 Bi0s


Joomla 1.6 Beta 8 Released

Joomla! has announced a new release, Joomla 1.6 Beta 8 (download here). Note: this beta does not yet work with other extensions and is not recommended for production websites. It is released for testing and evaluation only.

Since Joomla 1.6 beta 7 was released on 9 August, the team has fixed 90 of the issues that were reported. The progress in this release is therefore about fixes that make it work better, thanks to the efforts of the Joomla! Bug Squad. We thank the team for their hard work, which has made the system more stable!

You can see the details of the changes in this release in the CHANGELOG.php file.

What comes next?


Joomla! JPodium Component Cross-Site Request Forgery Vulnerability

SECUNIA ADVISORY ID:
SA41059

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41059/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41059

RELEASE DATE:
2010-08-23

DESCRIPTION:
A vulnerability has been reported in the JPodium component for
Joomla!, which can be exploited by malicious people to conduct
cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to e.g. delete races or delete
athletes by tricking a logged in administrative user into visiting a
malicious web site.

The vulnerability is reported in versions prior to 0.9.016.

SOLUTION:
Update to version 0.9.016.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.jpodium.de/index.php/learn-more/revision-history


Joomla JGrid Component File Inclusion and SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA40987

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40987/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40987

RELEASE DATE:
2010-08-19

DESCRIPTION:
Two vulnerabilities have been reported in the JGrid component for
Joomla, which can be exploited by malicious people to disclose
potentially sensitive information and conduct SQL injection attacks.

1) Input passed to the "controller" parameter in index.php (when
"option" is set to "com_jgrid") is not properly verified before being
used to include files. This can be exploited to include arbitrary
files from local resources via directory traversal attacks and
URL-encoded NULL bytes.

2) Input passed via unspecified parameters is not properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in version 1.0. Other versions may
also be affected.

SOLUTION:
Update to version 1.1.

PROVIDED AND/OR DISCOVERED BY:
1) Salvatore Fresta aka Drosophila.
2) Reported by the vendor.

ORIGINAL ADVISORY:
Salvatore Fresta:
http://www.salvatorefresta.net/?opt=newsid&id=44

JGrid:
http://www.datagrids.clubsareus.org/index.php?view=article&catid=1:latest-news&id=45:jgrid-joomla-component-now-available


Joomla onGallery Component "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA41017

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41017/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41017

RELEASE DATE:
2010-08-18

DESCRIPTION:
A vulnerability has been reported in the onGallery component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed via the "id" parameter to index.php (when "option" is
set to "com_ongallery" and "task" is set to "ft") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

NOTE: This can further be exploited to conduct cross-site scripting
attacks via SQL error messages.

The vulnerability is reported in version 2.0.1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
al bayraqim
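
A log-triage sketch for the request patterns named in the Remository, Zoom Portfolio, JGrid and onGallery advisories above. This is an added example, not part of the Secunia advisories or of the components' code; the combined log format, the script-extension list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Routes where "id" must be an integer: (option, key, value) -> advisory.
ID_ROUTES = {
    ("com_zoomportfolio", "view", "portfolio"): "SA41047",
    ("com_ongallery", "task", "ft"): "SA41017",
}
UPLOAD_DIR = "/components/com_remository_files/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)  # assumed list
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return the advisory ID a logged request is suspicious for, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    path = unquote(url.path)
    # SA41161: a script file served from the thumbnail upload folder.
    if UPLOAD_DIR in path and SCRIPT_EXT.search(path):
        return "SA41161"
    query = {k: v[0] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    option = query.get("option", "")
    # SA40987: "controller" should be a bare name, never a path or NUL byte.
    ctrl = query.get("controller")
    if option == "com_jgrid" and ctrl and not re.fullmatch(r"\w+", ctrl):
        return "SA40987"
    # SA41047 / SA41017: "id" should be a plain integer on these routes.
    for (opt, key, value), advisory in ID_ROUTES.items():
        if option == opt and query.get(key) == value and "id" in query:
            if not re.fullmatch(r"[0-9]+", query["id"]):
                return advisory
    return None

# Constructed access-log lines (documentation IP range, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Aug/2010:10:00:00 +0000] "GET /index.php?option=com_zoomportfolio&view=portfolio&id=12 HTTP/1.1" 200 512',
    '203.0.113.7 - - [27/Aug/2010:10:00:01 +0000] "GET /index.php?option=com_zoomportfolio&view=portfolio&id=12%27 HTTP/1.1" 500 310',
    '203.0.113.7 - - [27/Aug/2010:10:00:02 +0000] "GET /index.php?option=com_jgrid&controller=..%2F..%2Fexample%00 HTTP/1.1" 200 0',
    '203.0.113.7 - - [27/Aug/2010:10:00:03 +0000] "GET /components/com_remository_files/sample.php HTTP/1.1" 200 12',
    '203.0.113.7 - - [27/Aug/2010:10:00:04 +0000] "GET /index.php?option=com_ongallery&task=ft&id=7 HTTP/1.1" 200 900',
    '203.0.113.7 - - [27/Aug/2010:10:00:05 +0000] "GET /index.php?option=com_ongallery&task=ft&id=7%22 HTTP/1.1" 500 280',
]

def scan(lines):
    """Classify every line; None marks a request that matched no pattern."""
    return [classify(line) for line in lines]
```

If a component accepts Joomla-style `id:alias` slugs, the integer check needs loosening to avoid false positives.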

