Joomla! News

Joomla JA Voice Component "view" File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA39202

VERIFY ADVISORY:
http://secunia.com/advisories/39202/

DESCRIPTION:
A vulnerability has been reported in the JA Voice component for
Joomla, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "view" parameter in index.php (when "option" is
set to "com_javoice") is not properly sanitised before being used to
include files. This can be exploited to include arbitrary files from
local resources via directory traversal attacks and URL-encoded NULL
bytes.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
kaMtiEz

Joomla Multi-Venue Restaurant Menu Manager Component "mid" SQL Injection

SECUNIA ADVISORY ID:
SA39217

VERIFY ADVISORY:
http://secunia.com/advisories/39217/

DESCRIPTION:
Valentin Hoebel has reported a vulnerability in the Multi-Venue
Restaurant Menu Manager component for Joomla, which can be exploited
by malicious people to conduct SQL injection attacks.

Input passed via the "mid" parameter to index.php (when "option" is
set to "com_mv_restaurantmenumanager" and "task" is set to
"menu_display") is not properly sanitised before being used in a SQL
query. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

The vulnerability is reported in version 1.5.2 Stable Update 3. Other
versions may also be affected.

SOLUTION:
Update to version 1.5.2 Stable Update 4.

PROVIDED AND/OR DISCOVERED BY:
Valentin Hoebel

ORIGINAL ADVISORY:
Multi-Venue Restaurant Menu Manager:
http://extensions.joomla.org/extensions/vertical-markets/food-a-beverage/10015

Valentin Hoebel:
http://www.xenuser.org/documents/security/joomla_com_MVRMM_sql.txt

Joomla Agenda Address Book Component "id" SQL Injection

SECUNIA ADVISORY ID:
SA39238

VERIFY ADVISORY:
http://secunia.com/advisories/39238/

DESCRIPTION:
A vulnerability has been reported in the Agenda Address Book
component for Joomla, which can be exploited by malicious people to
conduct SQL injection attacks.

Input passed via the "id" parameter to index.php (when "option" is
set to "com_agenda" and "view" is set to "detail") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.0.1. Other versions may
also be affected.

SOLUTION:
Apply patch. Contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY:
v3n0m

ORIGINAL ADVISORY:
Agenda Address Book:
http://www.joomlanetprojects.com/index.php/es/joomla-projects-descargas/joomla-1/joomla-1/42-comagenda.html

Joomla TRAVELbook Component "controller" File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA39254

VERIFY ADVISORY:
http://secunia.com/advisories/39254/

DESCRIPTION:
A vulnerability has been discovered in the TRAVELbook component for
Joomla, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "controller" parameter in index.php (when
"option" is set to "com_travelbook") is not properly sanitised before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.

The vulnerability is confirmed in version 1.0.1. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
AntiSecurity

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/12151

Joomla! Freestyle FAQ Lite Component "faqid" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA39288

VERIFY ADVISORY:
http://secunia.com/advisories/39288/

DESCRIPTION:
A vulnerability has been reported in the Freestyle FAQ Lite component
for Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed to via the "faqid" parameter to index.php (when "option"
is set to "com_fsf", "view" is set to "faq", and "tmpl" is set to
"component") is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

The vulnerability is reported in versions prior to 1.2.

SOLUTION:
Update to version 1.2.

PROVIDED AND/OR DISCOVERED BY:
Chip D3 Bi0s

Joomla AlphaUserPoints Component "view" File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA39250

VERIFY ADVISORY:
http://secunia.com/advisories/39250/

DESCRIPTION:
A vulnerability has been discovered in the AlphaUserPoints component
for Joomla, which can be exploited by malicious people to disclose
potentially sensitive information.

Input passed to the "view" parameter in index.php (when "option" is
set to "com_alphauserpoints") is not properly verified before being
used to include files. This can be exploited to include arbitrary
files from local resources via directory traversal attacks and
URL-encoded NULL bytes.

The vulnerability is confirmed in version 1.5.5. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY:
AntiSecurity

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/12150