A vulnerability has been reported in the SimpleFAQ component. We recommend updating this component promptly.

Input passed to the "aid" parameter in the Joomla installation's index.php script (when "option" is set to "com_simplefaq" and "task" to "answer") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes.

The vulnerability is confirmed in version 2.40 and reported in version 2.11. Other versions may also be affected.
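
A log check for the request pattern described above, as an added example that is not part of the original advisory. It assumes `aid` is normally a plain integer (the advisory does not say so) and an Apache-style combined access log; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD URL PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2008:10:00:00 +0000] "GET /index.php?option=com_simplefaq&task=answer&aid=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2008:10:00:05 +0000] "GET /index.php?option=com_simplefaq&task=answer&aid=12%27 HTTP/1.1" 200 310',
    '203.0.113.9 - - [01/Jan/2008:10:00:07 +0000] "GET /index.php?option=com_content&task=view&id=3 HTTP/1.1" 200 8000',
    '203.0.113.9 - - [01/Jan/2008:10:00:09 +0000] "GET /index.php?option=com_simplefaq&task=answer&aid=NOT-A-NUMBER HTTP/1.1" 200 310',
]

def suspicious_aid(log_line):
    """Return the decoded aid value when the line is a SimpleFAQ 'answer'
    request whose aid is not a plain integer; otherwise return None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    parts = urlsplit(match.group(1))
    if not parts.path.endswith("index.php"):
        return None
    # parse_qs percent-decodes values, so %27 is compared as a quote character.
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("option", [""])[-1] != "com_simplefaq":
        return None
    if params.get("task", [""])[-1] != "answer":
        return None
    for value in params.get("aid", []):
        # Assumption: a legitimate aid consists of ASCII digits only.
        if not re.fullmatch(r"[0-9]+", value):
            return value
    return None

def scan(lines):
    """Return (line_number, aid_value) for every line worth reviewing."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_aid(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric aid {value!r}")
```

Only parameters in the query string appear in access logs, so values sent in a POST body are not covered by this check.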


Source: http://secunia.com/advisories/26556/

Download SimpleFAQ 2.5
About the author
Stéphane Bourderiou
Founder of the sites Aide-joomla.fr and SFK