TCH-Thomas Posted March 3, 2006

Secunia writes

Description: Multiple vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to disclose system information and potentially bypass certain security restrictions.

1) Some unspecified input passed in the administration section isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) It is possible to disclose the full path to the installation via the syndication component and mod_templatechooser.

3) Access to certain resources is not properly restricted. It is also possible to create arbitrary files in the "cache" directory.

The vulnerabilities have been reported in version 1.0.7. Prior versions may also be affected.

Solution: Update to version 1.0.8.

http://forge.joomla.org/sf/go/projects.joo...oomla_1_0.1_0_8

TCH-Bruce Posted March 3, 2006
Thanks Thomas

TCH-Rob Posted March 4, 2006
Thanks Thomas

stevevan Posted March 4, 2006
Thanks for the heads up Thomas. I'm developing a site in Joomla! now, so this is very timely!

TCH-Don Posted March 4, 2006
Thanks Thomas

Prel Posted March 5, 2006
Thanks Thomas. I am thinking about using Joomla and this is good information.

TCH-JimE Posted March 6, 2006
Thanks Thomas, I use Joomla on several sites and hadn't checked the home page for a couple of weeks! Joomla is by far the best CMS that I have come across!
JimE

kjarrett Posted April 16, 2006
Quick question. I see this refers to an older version of Joomla so it's not an issue for right now, but ... assuming we use Fantastico to install our Joomlas here ... does that mean TCH will do all future upgrades when new releases are available? If not, what will the upgrade process be? Sorry if this has been asked before.
Thanks, kj

TCH-Bruce Posted April 16, 2006
TCH does not control when cPanel or Fantastico release updates to the packages they include. It is the user's responsibility to be sure their sites are secure. So if you are using any of the scripts provided you should also learn how to manually apply patches as they are released.

kjarrett Posted April 16, 2006
> TCH does not control when cPanel or Fantastico release updates to the packages they include. It is the user's responsibility to be sure their sites are secure. So if you are using any of the scripts provided you should also learn how to manually apply patches as they are released.

Thanks Bruce, that makes sense. However, in my experience, the updates often require running of special scripts once the archive is uncompressed (and other steps are taken, i.e., deleting of certain existing files, not all). I'm thinking about Wordpress specifically here. Just wondering how this all will work.
-kj-

TCH-Bruce Posted April 16, 2006
I've never installed Joomla so I don't know how difficult or easy it is to update. But I have updated Wordpress many times and it was never difficult.

kjarrett Posted April 16, 2006
> I've never installed Joomla so I don't know how difficult or easy it is to update. But I have updated Wordpress many times and it was never difficult.

I'm totally with you - what I am not sure about is how the upgrade process will CHANGE as a result of Fantastico, that's all. You know what Wordpress requires - deleting certain folders and not others - I just am not sure how it will work with Fantastico.
-kj-

TCH-Don Posted April 16, 2006
You can always install another copy in a test folder and practice upgrading it.

kjarrett Posted April 16, 2006
I may give that a try, thanks Don!

TCH-Don Posted April 16, 2006
You are welcome. This is a good idea for most scripts where it is active and you don't want to mess it up.

Kevan Posted April 16, 2006
> - what I am not sure about is how the upgrade process will CHANGE as a result of Fantastico, that's all. You know what Wordpress requires - deleting certain folders and not others - I just am not sure how it will work with Fantastico.

Hi kj,

Fantastico adds the ability for a "quick install" of applications without having to read any documentation first. It gets you up and running with just a few clicks; anything after that is up to you. IF you decide to use the installed package on your site, that's when you have to read the software documentation and install updates according to those instructions.

If Wordpress (or any app for that matter) is already installed and running, Fantastico could install a version into another or test folder as Don suggests. However, you might want to watch out for default install settings (in Fantastico) that might interfere with your existing setup. You wouldn't want a test version of Wordpress using your production Wordpress database, for example.

Let us know how it goes?
Thanks

getitdone Posted April 17, 2006
Only replying here for future reference in case others are reading this -- when installing Joomla, for example, in Fantastico: to set up Joomla it does ask you for some database info that you do have to type in. It is not totally automated (maybe), and that part is not real user friendly either. I found: create the database and user name, then read what the name is, 'cause it's not what you typed, then type that into Joomla setup. I am updating mine tomorrow; I'll let you guys know if I have problems or ideas.
Edited April 17, 2006 by getitdone