SECUNIA ADVISORY ID:
SA54424

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/54424/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=54424

RELEASE DATE:
2013-08-06

DESCRIPTION:
Matias Fontanini has reported two vulnerabilities in the SectionEx component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "filter_order" and "filter_order_Dir" POST parameters to index.php (when "option" is set to "com_sectionex" and "view" is set to "category") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in versions prior to 2.5.104.

SOLUTION:
Update to version 2.5.104.

PROVIDED AND/OR DISCOVERED BY:
Matias Fontanini

ORIGINAL ADVISORY:
SectionEx:
http://stackideas.com/downloads/changelog/sectionex
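For sites that carry their own code handling "filter_order" and "filter_order_Dir", the following added example (not SectionEx or Joomla! code, and not the vendor's fix) shows allowlist handling of the two parameters. It assumes they select a sort column and sort direction for an ORDER BY clause, which the advisory does not state; the column names and the function name buildOrderBy are hypothetical.

```php
<?php
// Added illustration; not SectionEx or Joomla! code. Column names are hypothetical.

// Request-facing sort keys mapped to fixed SQL column expressions.
const SORT_COLUMNS = [
    'title'    => 'a.title',
    'created'  => 'a.created',
    'hits'     => 'a.hits',
    'ordering' => 'a.ordering',
];

/**
 * Build an ORDER BY clause from the two request parameters named in the advisory.
 * Identifiers and keywords cannot be bound as prepared-statement parameters,
 * so both values are resolved against fixed lists and never copied into the SQL.
 */
function buildOrderBy(array $post): string
{
    $key = $post['filter_order'] ?? 'ordering';
    $dir = $post['filter_order_Dir'] ?? 'ASC';

    // PHP turns "filter_order[]=x" into an array; treat non-strings as absent.
    if (!is_string($key) || !array_key_exists($key, SORT_COLUMNS)) {
        $key = 'ordering';
    }
    $dir = is_string($dir) ? strtoupper(trim($dir)) : 'ASC';
    if ($dir !== 'ASC' && $dir !== 'DESC') {
        $dir = 'ASC';
    }

    return ' ORDER BY ' . SORT_COLUMNS[$key] . ' ' . $dir;
}

// Constructed sample requests (not captured traffic).
$samples = [
    ['filter_order' => 'title', 'filter_order_Dir' => 'desc'],
    ['filter_order' => 'hits'],
    ['filter_order' => 'a.title, (SELECT 1)', 'filter_order_Dir' => 'ASC'],
    ['filter_order' => ['title'], 'filter_order_Dir' => 'DESC; --'],
];

foreach ($samples as $post) {
    echo json_encode($post), ' =>', buildOrderBy($post), PHP_EOL;
}
```

Values outside the lists fall back to the default sort instead of being escaped, because escaping functions written for string literals do not make a value safe in an identifier or keyword position.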