Joomla! JomSocial component 3.1.0.1 - Remote code execution

and 3.1.0.1 are vulnerable. - Vulnerability discovered by: Matias Fontanini and Gaston Traberg == Vulnerability == The vulnerability is located in the photos controller, ajaxUploadAvatar task. The parameters parsed by the Azrul plugin are not properly sanitized before being used in a call

Joomla! VirtueMart component = 2.0.22a - SQL Injection

and 2.0.22a are vulnerable. - Vulnerability discovered by: Matias Fontanini == Vulnerability == The vulnerability is located in the user controller, removeAddressST task. The virtuemart_userinfo_id parameter is not properly sanitized before being used in the DELETE query performed in it, allowing

Joomla! redSHOP component v1.2 SQL Injection

: version 1.2 is vulnerable. Other versions might be affected as well. - Vulnerability discovered by: Matias Fontanini == Vulnerability == When using the addtocompare task, the component does not correctly sanitize the pid parameter before using it to construct SQL queries, making it vulnerable to SQL

PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities

) is vulnerable. Other versions might be affected as well. - Vulnerability discovered by: Matias Fontanini == Vulnerabilities == When performing POST requests to /user/browse/view_/, the search[gender] and search[sort_by] parameters are not correctly sanitized before being used to construct SQL queries, making

Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities

- Affected versions: version 2.5.96 is vulnerable. Other versions might be affected as well. - Author: Matias Fontanini == Vulnerabilities == When using the category view, the component does not correctly sanitize the filter_order and filter_order_Dir parameters before using them to construct SQL