Joomla! Jomres Component Script Insertion and SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA54082

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/54082/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=54082

RELEASE DATE:
2013-08-06
DESCRIPTION:
Jennifer Bornholt has discovered two vulnerabilities in the Jomres
component for Joomla!, which can be exploited by malicious users to
conduct script insertion and SQL injection attacks.

1) Input passed via the "property_name" POST parameter when editing
property details is not properly sanitised before being used. This
can be exploited to insert arbitrary HTML and script code, which will
be executed in a user's browser session in the context of an affected
site if malicious data is viewed.

2) Input passed via the "id" GET parameter to administrator/index.php
(when "option" is set to "com_jomres" and "task" is set to
"editProfile") is not properly sanitised before being used in a SQL
query. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

Successful exploitation of the vulnerabilities requires "Business
Manager" permissions.

The vulnerabilities are confirmed in version 7.3.0. Other versions
may also be affected.

SOLUTION:
Update to version 7.3.1.

PROVIDED AND/OR DISCOVERED BY:
Jennifer Bornholt via Secunia