Joomla DJ-Catalog Component SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA36696

VERIFY ADVISORY:
http://secunia.com/advisories/36696/

DESCRIPTION:
Chip D3 Bi0s has reported two vulnerabilities in the DJ-Catalog
component for Joomla, which can be exploited by malicious people to
conduct SQL injection attacks.

Input passed via the "id" parameter to index.php (if "option" is set
to "com_djcatalog" and "view" to "showItem") and via the "cid"
parameter to index.php (if "option" is set to "com_djcatalog" and
"view" to "show") is not properly sanitised before being used in an
SQL query. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.
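
The following is an added, generic illustration of the bug class
described above, not the DJ-Catalog source: a numeric request parameter
("id" for the showItem view, "cid" for the show view) spliced straight
into an SQL string, beside the same lookup done with an integer check
and a bound placeholder. The table name, column names, sample rows and
the crafted parameter values are all constructed for the example;
nothing here is taken from the component or the original exploit.

```python
"""Unsanitised request parameter in SQL versus integer-cast plus bound
parameter. Added example; the schema and data are assumptions."""
import sqlite3


def make_catalog():
    """Build an in-memory catalog with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE items (id INTEGER PRIMARY KEY, cid INTEGER, "
        "name TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO items VALUES (?, ?, ?, ?)",
        [
            (1, 10, "Public widget", 1),
            (2, 10, "Unpublished widget", 0),
            (3, 20, "Public gadget", 1),
        ],
    )
    return conn


# --- vulnerable pattern: raw parameter concatenated into the query ----------

def show_item_vulnerable(conn, id_param):
    """showItem-style lookup: the raw 'id' value becomes part of the SQL."""
    sql = "SELECT id, name FROM items WHERE published = 1 AND id = " + id_param
    return conn.execute(sql).fetchall()


def show_category_vulnerable(conn, cid_param):
    """show-style lookup: the raw 'cid' value becomes part of the SQL."""
    sql = "SELECT id, name FROM items WHERE published = 1 AND cid = " + cid_param
    return conn.execute(sql).fetchall()


# --- hardened pattern: validate the type, then bind ------------------------

def to_int_or_none(value):
    """Accept only a plain integer literal; anything else is rejected."""
    try:
        return int(value, 10)  # int("0 OR 1=1", 10) raises ValueError
    except (TypeError, ValueError):
        return None


def show_item_hardened(conn, id_param):
    """Same lookup with the value coerced to int and passed as a parameter."""
    item_id = to_int_or_none(id_param)
    if item_id is None:
        return []  # a non-numeric id is simply not a valid item request
    return conn.execute(
        "SELECT id, name FROM items WHERE published = 1 AND id = ?", (item_id,)
    ).fetchall()


def show_category_hardened(conn, cid_param):
    cid = to_int_or_none(cid_param)
    if cid is None:
        return []
    return conn.execute(
        "SELECT id, name FROM items WHERE published = 1 AND cid = ?", (cid,)
    ).fetchall()


if __name__ == "__main__":
    db = make_catalog()
    # Constructed payloads: a tautology that defeats the published=1 filter
    # and a UNION that pulls unpublished rows into the category listing.
    print("vulnerable id  :", show_item_vulnerable(db, "0 OR 1=1"))
    print("vulnerable cid :", show_category_vulnerable(
        db, "10 UNION SELECT id, name FROM items WHERE published = 0"))
    print("hardened id    :", show_item_hardened(db, "0 OR 1=1"))
    print("hardened cid   :", show_category_hardened(db, "10"))
```

In the vulnerable functions the injected text changes the query's
structure (the `OR` binds after the `AND`, so the `published = 1`
restriction no longer applies), which is exactly the class of problem
the advisory describes. The hardened versions make the type of the
parameter explicit before it reaches the database; in Joomla code the
equivalent is to fetch the value as an integer rather than as a raw
string, and to quote or bind anything that legitimately must be a
string.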

SOLUTION:
Update to the fixed version dated 16-09-2009 (see the vendor's
advisory below).

PROVIDED AND/OR DISCOVERED BY:
Chip D3 Bi0s

ORIGINAL ADVISORY:
DJ-Catalog:
http://www.design-joomla.eu/joomla-news/dj-catalog-sql-bsql-injection-multiple-vulnerability-fix.html

Chip D3 Bi0s:
http://milw0rm.com/exploits/9693