webee 1.1.1, a Joomla commenting plugin, suffers from multiple vulnerabilities.
SQL Injection
The 'articleId' parameter is not sanitized.
index2.php?option=com_webeecomment&task=default&articleId=999 union select 1,2,VERSION(),4,5,6,7,8,9,10,11,12 --
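A detection sketch for the articleId issue above, added here as an example and not part of the original advisory or of webee: it scans web-server access logs for com_webeecomment requests whose articleId is anything other than a plain integer. The Apache combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-log-format line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]{1,10}")

def article_id_verdict(target):
    """Return None if the request is not for com_webeecomment,
    'ok' if every articleId is a plain integer, else 'suspicious'."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_webeecomment" not in query.get("option", []):
        return None
    values = query.get("articleId", [])
    # parse_qs already percent-decodes and turns '+' into a space,
    # so encoded payloads are compared in their decoded form.
    if all(INT_RE.fullmatch(v) for v in values):
        return "ok"
    return "suspicious"

def scan(log_lines):
    """Return (line_number, target) for every suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and article_id_verdict(match.group(1)) == "suspicious":
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Nov/2009:10:00:01 +0000] "GET /index2.php?option=com_webeecomment&task=default&articleId=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [15/Nov/2009:10:00:07 +0000] "GET /index2.php?option=com_webeecomment&task=default&articleId=999%20union%20select%201,2,VERSION(),4,5,6,7,8,9,10,11,12%20-- HTTP/1.1" 200 5310',
    '192.0.2.12 - - [15/Nov/2009:10:00:09 +0000] "GET /index.php?option=com_content&id=7 HTTP/1.1" 200 9000',
    '192.0.2.13 - - [15/Nov/2009:10:00:15 +0000] "GET /index2.php?option=com_webeecomment&articleId=7&articleId=7%27 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer articleId in {target}")
```

The same strict-integer rule is the server-side fix: an articleId that does not parse as an integer should be rejected before it reaches the query.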
[img] BBCode [color] Tag XSS
[url] BBCode [img] Tag XSS
[size] BBCode [url] Tag XSS
UPDATE: webee has been updated to 1.2 as of 12 November 2009 and still suffers from SQL Injection. XSS was not tested in 1.2.
- Vulnerabilities Discovered: 4 November 2009
- Vendor Notified: 4 November 2009
- Vendor Notified Again: 9 November 2009
- Vendor Response: ... 2009
- Update Available: ... 2009
- Disclosure: 15 November 2009
Sunday, 15 November 2009 00:00
Joomla Commentator 1.1b3, a Joomla commenting plugin, suffers from an XSS vulnerability in its "title" field that could allow attackers to run scripts as an administrator.
Last Updated on Thursday, 30 September 2010 17:35
Sunday, 08 November 2009 18:56
I am proud to announce the release of JMyLife 1.0, a new Joomla component by yours truly! JMyLife aims to replicate the functionality of fmylife.com in a Joomla 1.5 native component!
View the demo here - JMyLife Component Demo.
Overview of Features
When you purchase the Pro version, ALL minor updates (until 1.1) will be included, and you will be supporting future development of this project.
Last Updated on Thursday, 12 November 2009 11:56
Friday, 06 November 2009 23:55
I was doing some restructuring to my soon-to-be-released Joomla component, JMyLife, and wanted to have a select item in the configuration view in order to allow the admin to select a page to direct users to as a "sign up" page. I originally had this item as part of the global view parameters, but I was having issues with Menu Items overriding the global values on specific views. I started digging through the Joomla API documents, expecting to find a simple JHTML statement I could use to produce this form element, but couldn't. I ended up with a solution that works, though I wish it were a bit easier.
Last Updated on Saturday, 07 November 2009 04:19
Thursday, 29 October 2009 09:34
Last Updated on Monday, 07 December 2009 12:44
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.