CVE-2010-4404

Description

SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected products

• anything-digital / sh404sef2.1.7.761
• anything-digital / sh404sef1.5.2.255 – 1.5.2.255
• anything-digital / sh404sef1.5.3.296 – 1.5.3.296
• anything-digital / sh404sef1.5.4.302 – 1.5.4.302
• anything-digital / sh404sef1.5.5.388 – 1.5.5.388
• anything-digital / sh404sef1.5.6.398 – 1.5.6.398
• anything-digital / sh404sef1.5.7.407 – 1.5.7.407
• anything-digital / sh404sef1.5.8.432 – 1.5.8.432
• anything-digital / sh404sef1.5.9.434 – 1.5.9.434
• anything-digital / sh404sef1.5.10.446 – 1.5.10.446
• anything-digital / sh404sef1.5.11.459 – 1.5.11.459
• anything-digital / sh404sef1.5.12.464 – 1.5.12.464
• anything-digital / sh404sef2.0.0 – 2.0.0
• anything-digital / sh404sef2.0.1.531 – 2.0.1.531
• anything-digital / sh404sef2.0.2.542 – 2.0.2.542
• anything-digital / sh404sef2.0.3.545 – 2.0.3.545
• anything-digital / sh404sef2.1.0.641 – 2.1.0.641
• anything-digital / sh404sef2.1.1.644 – 2.1.1.644
• anything-digital / sh404sef2.1.2.649 – 2.1.2.649
• anything-digital / sh404sef2.1.3.680 – 2.1.3.680
• anything-digital / sh404sef2.1.4.734 – 2.1.4.734
• anything-digital / sh404sef2.1.5.746 – 2.1.5.746
• anything-digital / sh404sef2.1.6.749 – 2.1.6.749

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/42430
• MISChttp://twitter.com/jeffchannell/status/8603529560195072
• MISChttp://dev.anything-digital.com/Forum/Announcements/9100-Urgent-sh404SEF-security-release-Joomla-1.5/
• MISChttp://www.securityfocus.com/bid/45135