Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 12 Nov 2010 16:20:07 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: Joomla 1.5.21 SQL Injection and
 Information Disclosure


----- "Henri Salo" <henri@...v.fi> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Can I get CVE-identifier for this issue?
> 
> "Multiple vulnerabilities have been discovered in Joomla, which can be
> exploited by malicious people to conduct SQL injection attacks.
> 
> Input passed via the "filter_order" and "filter_order_Dir" parameters to
> index.php (e.g. when "option" is set to "com_weblinks", "com_contact", or
> "com_messages") is not properly verified before being used in a SQL
> query. This can be exploited to manipulate SQL queries by injecting
> limited SQL code, which may result in e.g. information disclosure via
> database errors."
> 
> Vulnerable versions: 1.5.21 and all previous 1.5 releases
> Solution: Update to 1.5.22 (or later)
> 
> Referers:
> http://secunia.com/advisories/42133
> http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
> http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html
> 

This one is confusing. The full-disclosure post also seems to cover
CVE-2010-3712, which was fixed in Joomla 1.5.21.

For the SQL injection issues, let's use CVE-2010-4166.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ