|
Description
|
|
Salvatore Fresta has discovered a vulnerability in the TimeTrack component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "ct_id" parameter to index.php (when "option" is set to "com_timetrack" and "view" is set to "timetrack") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
NOTE: Other parameters are reportedly also affected.
The vulnerability is confirmed in version 1.2.3. Other versions may also be affected.
|
