within PEAR.php (as mentioned by the joomla developers).
The port should be upgraded to 1.0.11 to solve these issues, maintainer
had been informed.
With hat: secteam
It fixes 6 Security Vulnerabilities:
Critical Level Threats
Potential XSS injection through GET and other variables
- Affects all previous versions of Joomla! and Mambo 4.5.2.3
Hardened SEF against XSS injection
- Affects all previous versions of Joomla! and Mambo 4.5.2.3
Low Level Threats
Potential SQL injection in Polls modules through the Itemid variable
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Potential SQL injection in several methods in mosDBTable class
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Potential misuse of Media component file management functions
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series
PR: ports/89596
Submitted by: Francisco Alves Cabrita (maintainer)
Joomla! is one of the most powerful Open Source Content
Management Systems on the planet. It is used all over
the world for everything from simple websites to complex
corporate applications. Joomla! is easy to install,
simple to manage, and reliable.
WWW: http://www.joomla.org/
PR: ports/87522
Submitted by: Francisco Alves Cabrita <francisco@nortenet.pt>