Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Joomla Com_Xsstream-dm Movie Parameter SQL Injection Vulnerability
Date Discovered: 05/27/2008
Severity: High
Applications Affected Joomla with Com_xsstream-dm 0.01_beta
Synopsis
SQL injection vulnerability has been identified in Joomla with Com_xsstream-dm 0.01_beta
Recommended Actions
Upgrade with latest patch.
http://www.joomla.org/
Threat Analysis
Joomla is an open source content management system that will help user`s to build websites and other online applications. It consist of lot of modules and components. Content management system(CMS) is a computer software system for organizing and facilitating collaborative creation of documents and other contents. CMS is frequently used as web application for managing web sites and web contents.

An SQL injection vulnerabilities have been identified in Joomla with com_xsstream-dm 0.01_beta. This issue is due to a failure in the index.php to properly sanitize user-supplied input through movie parameter. An attacker can take advantage of this issue to execute arbitrary sql commands.
References

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2454
http://www.securityfocus.com/bid/29144
http://www.securityfocus.com/archive/1/archive/1/491943/100/0/threaded
http://www.joomla.org/
Write-up by: Vinod Sharma
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Product Division of Tech Mahindra Limited | Privacy Policy | Site Map