This host is running Joomla! Barter Sites component and is prone to SQL injection vulnerability.

Successful exploitation will let attackers to cause SQL Injection attack and gain sensitive information. Impact Level: Application.

Update to version 1.3.2 or later, For updates refer to http://www.barter-sites.com

The flaw is caused by improper validation of user-supplied input via the 'category_id' parameter to index.php (when 'option' is set to 'com_listing' and 'task' is set to 'browse'), which allows attacker to manipulate SQL queries by injecting arbitrary SQL code.

Joomla! Barter Sites Component Version 1.3

• http://osvdb.org/show/osvdb/76270
• http://packetstormsecurity.org/files/105626/joomlabarter-sqlxss.txt
• http://secunia.com/advisories/46368
• http://www.exploit-db.com/exploits/18046

---

Updated on 2015-03-25