Joomla! 1.5.x - SQL Error Information Disclosure

EDB-ID:

34955

CVE:

N/A




Platform:

PHP

Date:

2010-11-05


source: https://www.securityfocus.com/bid/44674/info

Joomla! is prone to an information-disclosure vulnerability due to an SQL error.

Exploiting this issue can allow attackers to gain access to sensitive information contained in the application's database. Successful exploits may lead to other attacks.

Versions prior to Joomla! 1.5.22 are vulnerable. 

http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg
http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injectio /sqli_%28filter_order_Dir%29_front.jpg
http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injectio /sqli_%28filter_order_Dir%29_back.jpg