Project: Joomla!
SubProject: All
Severity: Medium
Versions: 1.6.1 and 1.6.0
Exploit type: SQL Injection
Reported Date: 2011-March-12
Fixed Date: 2011-April-14

Description
Unescaped values in a query lead to an SQL injection vulnerability.

Affected Installs
Joomla! versions 1.6.1 and 1.6.0

Solution
Upgrade to the latest Joomla! version (1.6.2 or later)

Reported by anonymous

Read more from the original source:
[20110408] – Core – SQL Injection