Date: 21 February 2008
Greetings,
This week saw an explosion in SQL Injection vulnerabilities in
addons for Content Management Systems (CMS). What appears to have
been a new fuzzer [1] was run against some of the more popular CMS
solutions and their addons; specifically, we saw vulnerabilities
disclosed in Joomla, Mambo, WordPress, PHP-Nuke and XOOPS, to name
a few.
The current list of vulnerable third-party modules for Joomla includes:
MGFi XfaQ 1.2 McQuiz Portfolio 1.0 Quiz Quran astatsPRO com_activities
com_asortyment com_clasifier com_cms com_detail com_downloads
com_emcomposer com_facileforms com_filebase com_foevpartners
com_formtool com_galeria com_genealogy com_geoboerse com_hwdvideoshare
com_idvnews com_iigcatalog com_joomlavvz com_lexikon com_listoffreeads
com_magazine com_most com_mygallery com_paxxgallery 0.2 com_pccookbook
com_profile com_referenzen com_ricette com_salesrep com_scheduling
com_sg com_smslist com_team faq jooget mediaslide
Administrators running any CMS applications should check for updates
for any installed third-party addons or components, and remove any
third-party addons or components not in use.
Have a great weekend everyone!
Regards,
Damien
References:
-----------
1. Fuzz Testing
http://en.wikipedia.org/wiki/Fuzz_testing
"Fuzz testing or fuzzing is a software testing technique that
provides random data ("fuzz") to the inputs of a program. If the
program fails (for example, by crashing, or by failing built-in
code assertions), the defects can be noted."