Joomla Kide Shoutbox Component Security Bypass

SECUNIA ADVISORY ID:
SA37508

VERIFY ADVISORY:
http://secunia.com/advisories/37508/

DESCRIPTION:
A security issue has been discovered in the Kide Shoutbox component
for Joomla, which can be exploited by malicious people to bypass
certain security restrictions.

The vulnerability is caused by improper authentication for posted
messages. This can be exploited to bypass the "Only to registered
users" configuration setting and post messages with an arbitrary user
name via index.php (when "option" is set to "com_kide" and "task" is
set to "insertar").

The vulnerability is confirmed in version 0.4.6. Other versions may
also be vulnerable.

SOLUTION:
Do not rely on the product's user restriction.
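
Because the restriction cannot be relied on, reviewing web server logs for
the request described above is one way to see who is posting. The following
is an added example, not part of the advisory or the component: it scans
access-log lines for index.php requests with "option" set to "com_kide" and
"task" set to "insertar". It assumes Apache combined log format and that the
parameters appear in the query string (parameters sent in a POST body are not
logged), and the log cannot show whether the sender was logged in, so hits are
candidates for review.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Dec/2009:10:00:01 +0000] "POST /index.php?option=com_kide&task=insertar HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Dec/2009:10:00:02 +0000] "POST /index.php?task=insertar&option=com_kide&Itemid=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Dec/2009:10:01:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Dec/2009:10:02:00 +0000] "POST /joomla/index.php?option=com%5Fkide&task=INSERTAR HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Dec/2009:10:03:00 +0000] "GET /index.php?option=com_kide HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Client address, timestamp, method and request target of a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')


def kide_post_requests(log_text):
    """Return (client, timestamp, method) for each message-posting request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, when, method, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/index.php"):
            continue
        # parse_qs decodes percent-encoding; keep the last value of a repeated
        # parameter (as PHP does) and compare case-insensitively so that
        # unusual spellings are flagged rather than missed.
        params = {k.lower(): v[-1].lower() for k, v in parse_qs(url.query).items()}
        if params.get("option") == "com_kide" and params.get("task") == "insertar":
            hits.append((client, when, method))
    return hits


def hits_per_client(log_text):
    """Count message-posting requests per client address."""
    return Counter(client for client, _, _ in kide_post_requests(log_text))


if __name__ == "__main__":
    for client, count in hits_per_client(SAMPLE_LOG).most_common():
        print(client, count)
```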

PROVIDED AND/OR DISCOVERED BY:
An anonymous person