Phil-A-Form v1.2 And Lower - SQL Injection
May 29th, 2007
The current version of Phil-A-Form is v1.6.3 - and is secure (as far as we know).
We have just been alerted to an SQL injection vulnerability in VERSION 1.2 (over a year old!) that allows a hacker to obtain the MD5 hash of the admin password on a Joomla site.
We know MANY customers are still running Phil-A-Form v1.2, which is vulnerable. In our tests we managed to get information from all the sites tested!
We are also aware that version 1.2 of Phil-A-Form is available on some warez/illegal sites.
Only versions v1.2 and lower are vulnerable. PLEASE UPGRADE PHIL-A-FORM if you are not running the latest version.
This is another reason for making sure that all Joomla Components are kept up-to-date!

