PT-2010-4073 · Joomla · Jfaq

Published: 2010-06-28 · Updated: 2010-06-29 · CVE-2010-2515

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

JFaq (com_jfaq) component version 1.2 for Joomla!

Description

The issue allows remote attackers to execute arbitrary SQL commands via the id parameter when magic_quotes_gpc is disabled. Additionally, remote authenticated users with "Public Front-end" permissions can execute arbitrary SQL commands via the titlu parameter (title field) in index.php.

Recommendations

For JFaq (com_jfaq) component version 1.2, consider disabling the id and titlu parameters in the index.php file until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using the id and titlu parameters in the affected component until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2010-2515

Affected Products

Jfaq