Summary
The host is running Joomla! and is prone to multiple SQL injection vulnerabilities.
Impact
Successful exploitation will allow attacker to cause SQL Injection attack and gain sensitive information.
Impact Level: Application
Solution
Upgrade to Joomla! 1.5.22 or later,
For updates refer to http://www.joomla.org/download.html
Insight
The flaws are caused by improper validation of user-supplied input via the 'filter_order' and 'filter_order_Dir' parameters to 'index.php', which allows attacker to manipulate SQL queries by injecting arbitrary SQL code.
Affected
Joomla! versions 1.5.x before 1.5.22
References
Severity
Classification
-
CVE CVE-2010-4166, CVE-2010-4696 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities