Re: CVE request: Joomla 1.5.21 SQL Injection and Information Disclosure

[Josh Bressers <bressers () redhat com>]

----- "Henri Salo" <henri () nerv fi> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Can I get CVE-identifier for this issue?
>
> "Multiple vulnerabilities have been discovered in Joomla, which can be
> exploited by malicious people to conduct SQL injection attacks.
>
> Input passed via the "filter_order" and "filter_order_Dir" parameters to
> index.php (e.g. when "option" is set to "com_weblinks", "com_contact", or
> "com_messages") is not properly verified before being used in a SQL
> query. This can be exploited to manipulate SQL queries by injecting
> limited SQL code, which may result in e.g. information disclosure via
> database errors."
>
> Vulnerable versions: 1.5.21 and all previous 1.5 releases
> Solution: Update to 1.5.22 (or later)
>
> Referers:
> http://secunia.com/advisories/42133
> http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
> http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html

This one is confusing. The full-disclosure post also seems to cover
CVE-2010-3712, which was fixed in Joomla 1.5.21.

For the SQL injection issues, let's use CVE-2010-4166.

Thanks.

-- 
    JB