Joomla! Memory Book! Component SQL Injection and File Upload Vulnerability

SECUNIA ADVISORY ID:
SA37926

VERIFY ADVISORY:
http://secunia.com/advisories/37926/

DESCRIPTION:
Some vulnerabilities have been reported in the Memory Book! component
for Joomla!, which can be exploited by malicious users to conduct SQL
injection attacks and potentially compromise a vulnerable system.

1) Input passed to the event description when adding a new event is
not properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation may require a valid user account.

2) The security issue is caused by the application improperly
validating uploaded files. This can be exploited to execute arbitrary
PHP code by uploading a PHP file with e.g. an appended ".jpg" file
extension.

Successful exploitation may require a valid user account and that
Apache is not configured to handle the mime-type for uploadable media
files.

SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
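
One way to do the upload verification for issue 2, as an added example that is not code from Memory Book! or from the advisory. The helper name `safe_upload_name`, the allow-list and the sample file names are hypothetical; PHP 7+ with the fileinfo extension is assumed.

```php
<?php
// Added example: hypothetical helper, not Memory Book! code.
const ALLOWED_TYPES = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

/**
 * Returns a safe server-side file name for an upload, or throws.
 * $clientName is the name sent by the browser, $tmpPath is PHP's temp file.
 */
function safe_upload_name(string $clientName, string $tmpPath): string
{
    $base  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($base));

    // Exactly one extension: "evil.php.jpg" has two and is refused, because
    // Apache's mod_mime can act on any extension in the name, not just the last.
    if (count($parts) !== 2 || $parts[0] === '') {
        throw new InvalidArgumentException('file name must have exactly one extension');
    }
    $ext = $parts[1];
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new InvalidArgumentException('extension not allowed');
    }

    // Check the file content, not the client-declared Content-Type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmpPath) !== ALLOWED_TYPES[$ext]) {
        throw new InvalidArgumentException('content does not match extension');
    }

    // Store under a random name so no client-chosen string reaches the filesystem.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample input: PHP source submitted under two different names.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "<?php echo 'constructed sample'; ?>");
foreach (['holiday.jpg', 'evil.php.jpg'] as $name) {
    try {
        echo $name, ' -> ', safe_upload_name($name, $tmp), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $name, ' rejected: ', $e->getMessage(), PHP_EOL;
    }
}
unlink($tmp);
```

Both sample names are rejected: the first by the content check, the second by the single-extension rule. Keeping the upload directory outside the web root, or disabling script handlers for it, removes the dependency on Apache's mime configuration that the advisory mentions.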

PROVIDED AND/OR DISCOVERED BY:
jdc

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/10731