[joomla] Re: Uh oh, two extensions slammed by milw0rm
Mitch Pirtle
mitch.pirtle at gmail.com
Fri Oct 24 16:16:18 EDT 2008
While we're at it:
* FWCards 3.0.11 - local file inclusion vulnerability
* ionFiles 4.4.2 - file disclosure vulnerability
* Daily Message 1.0.3 - SQL injection vulnerability
* Nice Talk - SQL injection vulnerability
* ds-syndicate - SQL injection vulnerability
Sad, most likely all are making the same 2 or 3 mistakes, but some
punk wants to pad his totals for the month.
-- Mitch
On Fri, Oct 24, 2008 at 4:12 PM, Mitch Pirtle <mitch.pirtle at gmail.com> wrote:
> Heads up folks, the following Joomla extensions have been shamed at
> milw0rm (yes, they posted exploit code too):
>
> * Archaic Binary Gallery - directory traversal vulnerability
> * Kbase - SQL injection vulnerability
>
> So if you are using either, best disable them pronto, then ask
> questions later ;-)
>
> -- Mitch
>