CVE-2010-4838

Name of the Vulnerable Software and Affected Versions Joomla! JSupport (com jsupport) component version 1.5.6

Description The issue allows remote authenticated users with Public Back-end permissions to execute arbitrary SQL commands. This is achieved by exploiting the alpha parameter in either a listTickets or listFaqs action to administrator/index.php.

Recommendations For version 1.5.6, consider restricting access to the administrator/index.php endpoint, specifically for the listTickets and listFaqs actions, until a fix is available. As a temporary workaround, avoid using the alpha parameter in these actions to minimize the risk of exploitation.