Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <45808337.880901289596807903.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Fri, 12 Nov 2010 16:20:07 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: Joomla 1.5.21 SQL Injection and
 Information Disclosure


----- "Henri Salo" <henri@...v.fi> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Can I get CVE-identifier for this issue?
> 
> "Multiple vulnerabilities have been discovered in Joomla, which can be
> exploited by malicious people to conduct SQL injection attacks.
> 
> Input passed via the "filter_order" and "filter_order_Dir" parameters to
> index.php (e.g. when "option" is set to "com_weblinks", "com_contact", or
> "com_messages") is not properly verified before being used in a SQL
> query. This can be exploited to manipulate SQL queries by injecting
> limited SQL code, which may result in e.g. information disclosure via
> database errors."
> 
> Vulnerable versions: 1.5.21 and all previous 1.5 releases
> Solution: Update to 1.5.22 (or later)
> 
> Referers:
> http://secunia.com/advisories/42133
> http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
> http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html
> 

This one is confusing. The full-disclosure post also seems to cover
CVE-2010-3712, which was fixed in Joomla 1.5.21.

For the SQL injection issues, let's use CVE-2010-4166.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.