[VIM] Joomla Component com_marketplace 1.3.1 (catid) SQL Injection Vuln

George A. Theall theall at tenablesecurity.com
Wed Nov 12 14:39:42 UTC 2008

Has anyone looked at milw0rm 7097 yet? It concerns a SQL injection
issue in the Marketplace component for Joomla.  The issue seems to  
have been covered already by milw0rm 5055. The only difference is that  
7097 supposedly affects a more recent version of the component.

Also, I don't think 1.3.1 is vulnerable. Looking at the source for  
that version (both downloaded from the link in 7097 and that I had  
downloaded last February) shows that 'catid' is sanitized in  
'show_category.php' by a call to intval() before its value is used in  
any SQL queries.  What am I missing?
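To make the point about intval() concrete, here is an added example (not code from the component, the list post, or Joomla itself) that shows how casting a request parameter to an integer before it reaches a query string neutralizes non-numeric input, and how a stricter whitelist check and a prepared statement go further. The function and variable names are hypothetical; the sample inputs are constructed for illustration.

```php
<?php
// Added example: how an integer cast on 'catid' protects a query.
// Mirrors the pattern the post describes in show_category.php, but
// the function names and query are made up for this illustration.

// Coerce the parameter the way intval() does: anything that is not a
// leading integer becomes 0, so the value can only ever be a number.
function buildCategoryQueryCoerced(string $rawCatid): string
{
    $catid = intval($rawCatid);
    return "SELECT * FROM jos_marketplace_items WHERE catid = " . $catid;
}

// Stricter alternative: reject instead of coerce. ctype_digit() only
// accepts strings made entirely of 0-9, so "5abc" is refused rather than
// silently turned into 5.
function validateCategoryId(string $rawCatid): ?int
{
    $trimmed = trim($rawCatid);
    if ($trimmed === '' || !ctype_digit($trimmed)) {
        return null; // caller should respond with an error, not run a query
    }
    return (int) $trimmed;
}

// Preferred: keep the value out of the SQL text entirely with a bound
// parameter. PDO::PARAM_INT forces an integer type at bind time.
function fetchCategoryItems(PDO $db, int $catid): array
{
    $stmt = $db->prepare(
        'SELECT * FROM jos_marketplace_items WHERE catid = :catid'
    );
    $stmt->bindValue(':catid', $catid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs showing what each approach does with them.
$samples = ['12', ' 7', '5abc', 'abc', '-3'];
foreach ($samples as $raw) {
    $coerced   = buildCategoryQueryCoerced($raw);
    $validated = validateCategoryId($raw);
    printf(
        "input=%-6s intval-query=[%s] strict=%s\n",
        var_export($raw, true),
        $coerced,
        $validated === null ? 'rejected' : $validated
    );
}
```

The coerced builder is the pattern the post describes: whatever arrives in 'catid', the only thing that can be concatenated into the query is a plain integer. The strict validator is worth preferring when a malformed id should produce an error rather than a query for category 0, and the prepared statement removes the string-concatenation concern altogether regardless of what the parameter contains.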

