• Joomla! 1.6.0 is vulnerable to an SQL Injection vulnerability. Parameters (filter_order, filer_order_Dir) were not properly sanitized, leading to an SQL Injection vulnerability. This could an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

• Upgrade to Joomla! 1.6.1 or higher.

• • Joomla! 1.6.0 SQL Injection Vulnerability
  • Joomla 1.6.0 Analysis and Exploitation

• 

• CVE-2011-1151

• CWE-89

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

• Known Vulnerabilities SQL Injection

• WordPress Plugin MoodThingy Mood Rating Widget 'postID' Parameter Blind SQL Injection (0.8.7)
• WordPress Plugin WP-Filebase Download Manager 'base' Parameter SQL Injection (0.2.9)
• WordPress Plugin Participants Database SQL Injection (1.5.4.8)
• WordPress Plugin WordPress Store Locator SQL Injection (3.33.1)
• WordPress Plugin Website FAQ 'website-faq-widget.php' SQL Injection (1.0)