Joomla JBPublishdownFP Component "cid[]" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38267

VERIFY ADVISORY:
http://secunia.com/advisories/38267/

DESCRIPTION:
A vulnerability has been discovered in the JBPublishdownFP component for
Joomla, which can be exploited by malicious users to conduct SQL
injection attacks.

Input passed via the "cid[]" parameter to index.php (when "option" is
set to "com_jbpublishdownfp" and "task" is set to "edit") is not
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires "Public Back-end" user group
privileges.

The vulnerability is confirmed in version 1.4. Other versions may
also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
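
The kind of input handling the solution calls for, as an added illustration
that is not the component's own code: the "cid[]" array is reduced to
positive integers and bound through placeholders before the "edit" lookup
runs. Function names and the table name are hypothetical.

```php
<?php
// Added example (not the component's code): strict handling of a cid[]
// request array before it reaches a SQL query, in the style of a
// Joomla 1.5-era component's "edit" task. Names are hypothetical.

/**
 * Normalise the cid[] parameter to a non-empty list of positive integers.
 * Anything else (non-numeric strings, nested arrays, zero or negative
 * values) is rejected, so no request-controlled text reaches the query.
 * In Joomla 1.5 the nearest helper is JArrayHelper::toInteger(); the
 * result should still be validated rather than assumed to be safe.
 */
function normaliseCid($cid): array
{
    if (!is_array($cid) || $cid === []) {
        throw new InvalidArgumentException('cid[] must be a non-empty array');
    }
    $ids = [];
    foreach ($cid as $value) {
        // ctype_digit on the string form accepts only unsigned decimal digits
        if (!is_scalar($value) || !ctype_digit((string) $value) || (int) $value < 1) {
            throw new InvalidArgumentException('cid[] entries must be positive integers');
        }
        $ids[] = (int) $value;
    }
    return array_values(array_unique($ids));
}

/**
 * Build the edit-task lookup with one placeholder per id, so the database
 * driver binds the values instead of string concatenation. Returns
 * [sql, params]; "#__" is Joomla's table-prefix marker, the table is made up.
 */
function buildEditQuery(array $cid): array
{
    $ids = normaliseCid($cid);
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $sql = 'SELECT * FROM #__example_items WHERE id IN (' . $placeholders . ')';
    return [$sql, $ids];
}

// Constructed sample inputs, shaped like $_REQUEST['cid'] from a form post
[$sql, $params] = buildEditQuery(['3', '7', '3']);
echo $sql, "\n", implode(',', $params), "\n"; // 3,7 after de-duplication

try {
    buildEditQuery(['1', 'abc']); // non-numeric entry is refused outright
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```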

PROVIDED AND/OR DISCOVERED BY:
B-HUNT3|2
