The Joomla component Lyften Bloggie was recently reported to have an SQL injection vulnerability. Since a current client of mine was running this software, with no fix in sight, I decided to take matters into my own hands and patch it. And, in the spirit of open source, I thought I'd share the fix with everyone.
The exploit in question uses the URL parameter "author" to inject SQL, and as far as I can tell that parameter is meant to be an integer. To plug the hole, I changed line 41 of components/com_lyftenbloggie/models/lyftenbloggie.php to read the value with JRequest's getInt() method instead of the more generic getVar(). getInt() casts the request value to an integer before it ever reaches the query, so anything an attacker appends after the number is simply discarded. Note that this cast is only a correct fix because the parameter is numeric; a parameter that legitimately holds a string would instead need to be quoted/escaped for the database.
Before (line 41):
$this->_author = JRequest::getVar( 'author' );

After:
$this->_author = JRequest::getInt( 'author' );
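To see why the one-line change works, here is a stand-alone PHP script I've added for illustration. It is not code from Lyften Bloggie or from Joomla: the two request-reading helpers are minimal stand-ins for JRequest::getVar() and JRequest::getInt() (the real getInt() does an integer cast, which is the behaviour relied on here), the table name and query shape are hypothetical, and the request value is a constructed attack string. It runs offline with plain `php` and prints the SQL that each version of line 41 would produce.

```php
<?php
// Added example, not the component's real code. Hypothetical query and
// helpers; constructed input. Run with: php this_file.php

// Constructed sample input: what an attacker might put in ?author=
$_GET['author'] = "1 OR 1=1 -- ";

// Stand-in for JRequest::getVar(): returns the raw request value.
function request_var($name, $default = null) {
    return isset($_GET[$name]) ? $_GET[$name] : $default;
}

// Stand-in for JRequest::getInt(): same lookup, then an integer cast.
// The cast is the whole fix: a string that does not start with digits
// becomes 0, and anything after the leading number is dropped.
function request_int($name, $default = 0) {
    return (int) request_var($name, $default);
}

// Hypothetical query builder mirroring the vulnerable pattern, where the
// value is interpolated straight into the SQL string with no quoting.
function author_query($author) {
    return "SELECT * FROM hypothetical_entries WHERE author = " . $author;
}

// The query built from getVar() carries the injected SQL verbatim.
$vulnerable = author_query(request_var('author'));

// The query built from getInt() contains only the leading integer.
$patched = author_query(request_int('author'));

echo "with getVar(): $vulnerable\n";
echo "with getInt(): $patched\n";

// Edge cases of the (int) cast on other constructed inputs: a
// non-numeric string becomes 0, leading whitespace and a sign are
// honoured, a decimal is truncated, and trailing text is discarded.
echo "\n(int) cast behaviour:\n";
foreach (["abc", "1 UNION SELECT 1", "  7", "3.9", "-5"] as $sample) {
    printf("  %-20s -> %d\n", var_export($sample, true), (int) $sample);
}
```

The edge-case loop is worth keeping in mind when deciding whether getInt() is the right fix for a given parameter: a request value of "abc" silently becomes author 0 rather than an error, which is fine for this lookup but may not be for every integer parameter.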
UPDATE: It seems the folks over at Lyften have finally published an official fix!
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.