Joomla MisterEstate Component "searchstring" SQL Injection

SECUNIA ADVISORY ID:
SA36351

VERIFY ADVISORY:
http://secunia.com/advisories/36351/

DESCRIPTION:
A vulnerability has been reported in MisterEstate component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Input passed to the parameter "searchstring" when performing a search
is not properly sanitised before being used in SQL queries. This can
be exploited to manipulate SQL queries by injecting arbitrary SQL
code.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
jdc

RECENT ARTICLE

RECENT POST