CVE Reference: CVE-2010-1522

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-1522

Description:
Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/59966

SAID
  Secunia Advisory: SA40131

OSVDB
  65879

MISC
  http://ordasoft.com/Download/View-document-details/3-BookLibrary-1.5.3-Basic-for-Joomla-1.5.html
  http://ordasoft.com/Download/Download-document/3-BookLibrary-1.5.3-Basic-for-Joomla-1.5.html
  http://secunia.com/secunia_research/2010-84/

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/512094/100/0/threaded

BID
  41264

