
[fixed] foobla Suggestions for Joomla "idea_id" SQL Injection Vulnerability


Description:
Chip D3 Bi0s has reported a vulnerability in foobla Suggestions for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "idea_id" parameter to index.php (if "option" is set to "com_foobla_suggestions" and "controller" to "comment") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary code.

The vulnerability is reported in version 1.5.11. Other versions may also be affected.
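For sites still running an affected build, the route named above can be watched in web server logs. The following is an added example, not code from foobla or from the Secunia advisory: it scans access-log lines for requests to index.php with "option" set to "com_foobla_suggestions" and "controller" set to "comment", and reports any "idea_id" value that is not a plain integer. It assumes that "idea_id" is a numeric record id and that logs are in combined log format; the log lines and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Sep/2009:10:01:02 +0000] "GET /index.php?option=com_foobla_suggestions&controller=comment&idea_id=42 HTTP/1.1" 200 5120
192.0.2.11 - - [22/Sep/2009:10:01:05 +0000] "GET /index.php?option=com_foobla_suggestions&controller=comment&idea_id=42%27 HTTP/1.1" 500 310
192.0.2.12 - - [22/Sep/2009:10:01:09 +0000] "GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 8841
192.0.2.11 - - [22/Sep/2009:10:01:11 +0000] "GET /index.php?controller=comment&idea_id=7+AND+1&option=com_foobla_suggestions HTTP/1.1" 200 5120
192.0.2.13 - - [22/Sep/2009:10:01:15 +0000] "GET /index.php?option=com_foobla_suggestions&controller=comment&idea_id= HTTP/1.1" 200 900
"""

# Client address and request target from one combined-log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate idea_id is a run of ASCII digits and nothing else.
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_idea_id_requests(log_text):
    """Return (client, decoded idea_id) for hits on the affected route
    whose idea_id is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we can parse
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs URL-decodes values, so %27 and + are compared decoded.
        params = parse_qs(url.query, keep_blank_values=True)
        if "com_foobla_suggestions" not in params.get("option", []):
            continue
        if "comment" not in params.get("controller", []):
            continue
        for value in params.get("idea_id", []):
            # Empty values are reported too; they are malformed, not numeric.
            if not INTEGER_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_idea_id_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric idea_id: {value!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values carried in the query string.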

Source: http://secunia.com/advisories/36767/

Solution: Upgrade to the latest version (1.5.0.1_build20090922).

See how to get the newer version here.
