CVE-2014-4960

Name of the Vulnerable Software and Affected Versions Joomla! Youtube Gallery (com youtubegallery) component versions 3.x and 4.x through 4.1.7

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the listid or themeid parameter to "index.php".

Recommendations For versions 3.x and 4.x through 4.1.7, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the listid and themeid parameters in the affected endpoint until the issue is resolved.