BSQ Sitestats Joomla Component HTML Injection and SQL Injection Vulnerabilities

BSQ Sitestats is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. Other attacks are also possible.

Versions 1.8.0 and 2.2.1 are vulnerable; other versions may also be affected.

The issues reported may be related to previous vulnerabilities documented in BID 20267 (BSQ Sitestats Joomla Component Multiple Input Validation Vulnerabilities).


Privacy Statement
Copyright 2010, SecurityFocus