RETIRED: iJoomla News Portal Component 'Itemid' Parameter SQL Injection Vulnerability

iJoomla News Portal component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

iJoomla News Portal 1.0 is vulnerable; other versions may also be affected.

UPDATE (March 27, 2009): The vendor indicates that this issue is not exploitable as described; the BID is being retired.


 

Privacy Statement
Copyright 2010, SecurityFocus