Description

Joomla! 1.6.0 is vulnerable to an SQL Injection vulnerability. Parameters (filter_order, filer_order_Dir) were not properly sanitized, leading to an SQL Injection vulnerability. This could an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Remediation

Upgrade to Joomla! 1.6.1 or higher.

References

Joomla! 1.6.0 SQL Injection Vulnerability

Joomla 1.6.0 Analysis and Exploitation

Related Vulnerabilities

WordPress Plugin FAQs Manager SQL Injection (1.0)

WordPress Plugin Super Interactive Maps for WordPress SQL Injection (2.1)

WordPress Plugin WP-Stats-Dashboard SQL Injection (2.9.4)

WordPress Plugin 1 Flash Gallery Cross-Site Scripting and SQL Injection Vulnerabilities (0.2.5)

DotNetNuke multiple vulnerabilities

Severity

High

Classification

CVE-2011-1151 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Tags

Known Vulnerabilities SQL Injection