[VIM] Joomla Component com_marketplace 1.3.1 (catid) SQL Injection Vuln

str0ke str0ke at milw0rm.com
Wed Nov 12 15:17:57 UTC 2008


Sorry tested on 1.2.1 and it is affected.  Changing the version
information now.

George A. Theall wrote:
> Has anyone looked at milw0rm 7097 yet? It concerns a SQL injection
> issue in the Marketplace component for Joomla.  The issue seems to
> have been covered already by milw0rm 5055. The only difference is that
> 7097 supposedly affects a more recent version of the component.
>
> Also, I don't think 1.3.1 is vulnerable. Looking at the source for
> that version (both downloaded from the link in 7097 and that I had
> downloaded last February) shows that 'catid' is sanitized in
> 'show_category.php' by a call to intval() before its value is used in
> any SQL queries.  What am I missing?
>
>
> George
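Added illustration of the point George raises about intval(): this is not the component's code and is not from the thread, but a constructed PHP snippet contrasting a request parameter used directly in a query with the same parameter cast to an integer first. The table name and the use of a plain string as the query are assumptions for the sake of the example.

```php
<?php
// Added example, not code from com_marketplace or from the thread.
// Shows why an intval() cast on 'catid' prevents the parameter from
// altering the SQL, as reported for show_category.php in 1.3.1.

// Constructed sample inputs standing in for $_GET['catid'].
$inputs = ['12', '12 OR 1=1', 'abc'];

// Unsafe pattern: the raw parameter is concatenated into the query,
// so anything the client sends becomes part of the SQL text.
// ('items' is a placeholder table name.)
function unsafe_query(string $catid): string {
    return "SELECT * FROM items WHERE catid = $catid";
}

// Hardened pattern: intval() reduces the value to an integer before it
// reaches the query. Non-numeric input becomes 0; trailing text after
// a leading number is discarded.
function safe_query(string $catid): string {
    $id = intval($catid);
    return "SELECT * FROM items WHERE catid = $id";
}

foreach ($inputs as $in) {
    echo "input:  $in\n";
    echo "unsafe: " . unsafe_query($in) . "\n";
    echo "safe:   " . safe_query($in) . "\n\n";
}
```

The cast works here only because catid is meant to be numeric; for string-valued parameters the equivalent protection is a parameterized query (or the database layer's quoting routine), not a cast.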

