Release date:
Updated on:
Affected Systems:
Joomla! Sexy Polling <= 1.0.8
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-7219
Sexy Polling is a customizable voting software.
The Joomla extension Sexy Polling 1.0.8 does not properly filter the value of the "answer_id[]" POST parameter passed to /components/com_sexypolling/vote.php, which allows arbitrary SQL code to be injected.
<* Source: High-Tech Bridge SA (http://www.htbridge.ch/)
Link: http://secunia.com/advisories/56523/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Joomla!
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://extensions.joomla.org/extensions/contacts-and-feedback/polls/23470
Reference: https://www.htbridge.com/advisory/HTB23193
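
Added example (not the extension's code and not the vendor patch): one way to handle an array-valued POST parameter such as "answer_id[]" so that it cannot reach the SQL text. The table name poll_answers, the function names and the sample inputs are assumptions constructed for illustration; it uses PDO with an in-memory SQLite database so it runs stand-alone.

```php
<?php
// Illustrative hardening sketch; names and schema are hypothetical.

/** Reduce an untrusted answer_id[] value to a list of integer ids, or refuse it. */
function clean_answer_ids($raw, int $max = 50): array
{
    if (!is_array($raw) || count($raw) === 0 || count($raw) > $max) {
        throw new InvalidArgumentException('answer_id must be a non-empty array');
    }
    $ids = [];
    foreach ($raw as $value) {
        // Nested arrays (answer_id[][]) and anything but 1-9 decimal digits are refused.
        if (!is_string($value) || !ctype_digit($value) || strlen($value) > 9) {
            throw new InvalidArgumentException('answer_id element is not a numeric id');
        }
        $ids[] = (int) $value;
    }
    return array_values(array_unique($ids));
}

/** Count one vote per id; ids are bound as integers, never concatenated into the SQL. */
function record_votes(PDO $db, array $ids): int
{
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("UPDATE poll_answers SET votes = votes + 1 WHERE id IN ($marks)");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE poll_answers (id INTEGER PRIMARY KEY, votes INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO poll_answers (id) VALUES (1), (2), (3)');

// Constructed stand-ins for $_POST['answer_id']: valid, non-numeric, nested array.
$samples = [['1', '3'], ['1 OR 1=1'], [['2']]];
foreach ($samples as $post) {
    try {
        $n = record_votes($db, clean_answer_ids($post));
        echo "accepted: $n row(s) updated\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Only the first sample is accepted; the other two are rejected before any query is prepared.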