Joomla JoomPortfolio Component 'secid' SQL Injection Vulnerability
By Secunia
Joomla
2009-12-18 06:33:03

Description:
Fl0riX has reported a vulnerability in the JoomPortfolio component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "secid" parameter to index.php (when "option" is set to "com_joomportfolio" and "task" is set to "showcat") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.0.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.
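
One way to apply this to an integer identifier such as "secid", shown as an added example rather than code from the advisory or from JoomPortfolio: the value is validated as a positive integer and then bound as a typed parameter instead of being placed in the SQL text. The table, column and function names are hypothetical, and an in-memory SQLite database (PDO) stands in for the site database.

```php
<?php
// Added example: table and function names are hypothetical, not JoomPortfolio's code.
// Pattern the advisory describes (illustrative): the raw "secid" request value is
// concatenated into the SQL text, so its content becomes part of the query.

// Constructed in-memory table standing in for the component's data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE portfolio_items (id INTEGER PRIMARY KEY, secid INTEGER, title TEXT)');
$db->exec("INSERT INTO portfolio_items (secid, title)
           VALUES (1, 'Logo work'), (1, 'Posters'), (2, 'Web sites')");

// Accept only a plain positive decimal integer; anything else yields null.
function parse_secid($raw): ?int
{
    // Arrays (secid[]=1), empty strings, signs, spaces and trailing text all fail here.
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    // Rejects leading zeros, zero itself and values that overflow a PHP int.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Validate first, then pass the value as a bound integer parameter.
function show_category(PDO $db, $rawSecid): array
{
    $secid = parse_secid($rawSecid);
    if ($secid === null) {
        return []; // reject the request instead of querying
    }
    $stmt = $db->prepare(
        'SELECT id, title FROM portfolio_items WHERE secid = :secid ORDER BY id'
    );
    $stmt->bindValue(':secid', $secid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values, as they could arrive in $_GET['secid'].
foreach (['1', '2', '3 OR 1=1', '', ['1']] as $raw) {
    printf("%-12s -> %d row(s)\n", json_encode($raw), count(show_category($db, $raw)));
}
```

Inside a Joomla 1.5 component the integer coercion is available as JRequest::getInt('secid', 0), applied before the value reaches the query.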

Provided and/or discovered by:
Fl0riX

Original Advisory:
http://packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt

No CVE references.




Tags
Joomla JoomPortfolio SQLinjection