CVE-2015-6513

Name of the Vulnerable Software and Affected Versions J2Store (com j2store) extension for Joomla! versions prior to 3.1.7

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the sortby or manufacturer ids[] parameter to the "index.php" endpoint.

Recommendations For versions prior to 3.1.7, update to version 3.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the sortby and manufacturer ids[] parameters in the "index.php" endpoint until the update is applied.