Joomla 2.5 XSS SQLi Attack


Status
Not open for further replies.

alvingiovanno

Apprentice 2.0
Joomla! Security News
	

[20120302] - Core - XSS Vulnerability

Posted: 05 Mar 2012 06:00 AM PST

    Project: Joomla!
    SubProject: All
    Severity: Moderate
    Versions: 2.5.1 and 2.5.0
    Exploit type: XSS Vulnerability
    Reported Date: 2012-February-29
    Fixed Date: 2012-March-05

Description

Inadequate filtering leads to XSS vulnerability.

Affected Installs

Joomla! version 2.5.1 and 2.5.0.

Solution

Upgrade to version 2.5.2

Reported by Phil Purviance

Contact

The JSST at the Joomla! Security Center.

[20120301] - Core - SQL Injection

Posted: 05 Mar 2012 06:00 AM PST

    Project: Joomla!
    SubProject: All
    Severity: High
    Versions: 2.5.1, 2.5.0 and 1.7.0 - 1.7.4
    Exploit type: SQL Injection
    Reported Date: 2012-February-29
    Fixed Date: 2012-March-05

Description

Inadequate escaping leads to SQL injection vulnerability.

Affected Installs

Joomla! version 2.5.1, 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.2

Reported by Colin Wong

Contact

The JSST at the Joomla! Security Center.

There you go, sir, I got this by email. Anyone using Joomla 1.7 - 2.5, upgrade quickly so you don't get hit by XSS & SQLi :D
