View the advisory here.
The Joomla component QPersonal suffers from a SQL injection vulnerability. While Pyske discovered an XSS flaw in December 2009, the vendor sadly failed to look over his code and prevent attackers from injecting SQL commands through the “katid” parameter.
The vendor will be notified by me.
