Joomla And Mambo Component Com_Neogallery Catid Parameter SQL Injection Vulnerability Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory

Joomla And Mambo Component Com_Neogallery Catid Parameter SQL Injection Vulnerability


Date Discovered:	02/13/2008
Severity:	High
Applications Affected	Joomla and Mambo with Com_neogallery 1.1 and previous

Synopsis

SQL injection vulnerability has been identified the Joomla and Mambo with Com_Neogallery 1.1 and previous

Recommended Actions

Upgrade with latest patch.
http://www.joomla.org/

Threat Analysis

Joomla is an open source content management system that will help user`s to build websites and other online applications. It consist of lot of modules and components. Content management system(CMS) is a computer software system for organizing and facilitating collaborative creation of documents and other contents. A CMS is frequently a web application used for managing web sites and web contents.

An SQL injection vulnerabilities have been identified in Joomla and Mambo with com_neogallery 1.1 and prior. This issue is due to a failure in the index.php to properly sanitize user-supplied input through catid parameter.An attacker can take advantage of this issue to execute arbitrary sql commands.

References

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0752
http://www.securityfocus.com/bid/27692/info
http://xforce.iss.net/xforce/xfdb/40357
http://www.joomla.org/

Write-up by: Vinod Sharma

Security Sites

“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”

Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner

| | | | | | | | |