Two Joomla! SQL injection vulnerabilities discovered
Just a quick heads-up. We were informed about two zero-day Joomla! component SQL injection vulnerabilities today, that allow remote intruder to gain Joomla! CMS admin privileges.
Vulnerable components are:
- Joomla Flip Wall Component (com_flipwall)
- Joomla Sponsor Wall Component (com_sponsorwall)
There are no official patches that address the vulnerabilities yet, and working exploits are in the wild, so, we recommend you to disable the above modules if your CMS installation uses them.
Please feel free to submit a ticket in WHB support system be you have some questions or face some problems. Thanks!
Head of Engineering