[20110408] - Core - SQL Injection E-mail
Friday, 15 April 2011 07:54
Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.1 and 1.6.0 Exploit type: SQL Injection Reported Date: 2011-March-12 Fixed Date: 2011-April-14 Description Unescaped values in query leads to SQL injection vulnerability. Affected Installs Joomla! version 1.6.1 and 1.6.0 versions Solution Upgrade to the latest Joomla! version (1.6.2 or later) Reported by anonymous. Contact The JSST at the Joomla! Security Center.

Read more: http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/Vk8_BG8P5kY/348-20110408-core-sql-injection.html