Joomla! Security News برای امروز

[shamimi 15]

Posted: 05 Mar 2012 06:00 AM PST:13:

http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/hpSgU9ABRDc/392-20120302-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email

Project: Joomla!

SubProject: All

Severity: Moderate

Versions: 2.5.1 and 2.5.0

Exploit type: XSS Vulnerability

Reported Date: 2012-February-29

Fixed Date: 2012-March-05

Description

Inadequate filtering leads to XSS vulnerability.

Affected Installs

Joomla! version 2.5.1 and 2.5.0.

Solution

Upgrade to version 2.5.2

Reported by Phil Purviance

Contact

The JSST at the Joomla! Security Center.

[20120301] - Core - SQL Injection:13:

Posted: 05 Mar 2012 06:00 AM PST

http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/L_dDHx34L4A/391-20120301-core-sql-injection.html?utm_source=feedburner&utm_medium=email

Project: Joomla!

SubProject: All

Severity: High

Versions: 2.5.1, 2.5.0 and 1.7.0 - 1.7.4

Exploit type: SQL Injection

Reported Date: 2012-February-29

Fixed Date: 2012-March-05

Description

Inadequate escaping leads to SQL injection vulnerability.

Affected Installs

Joomla! version 2.5.1, 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.2

Reported by Colin Wong

Contact

The JSST at the Joomla! Security Center.