A security vulnerability was found in all Jumi 2.xx versions up to 2.0.d (for J!1.0), 2.0.3 and 2.1.beta2 (for J!1.5)
It concerns Jumi component only.
New Jumi versions fixing this issue were released today:
- 2.0.e stable for Joomla! 1.0
- 2.0.4 stable for Joomla! 1.5
- 2.1.beta3 for Joomla! 1.5 containing other improvements too.
We are greatly recommending to upgrade to the new Jumi version or make the following manual fix yourself.
Manual fix of security vulnerability
- find file components/com_jumi/jumi.php
- make in jumi.php the following changes:
For Joomla! 1.5
change line 11 from
$fileid = JRequest::getVar('fileid');
$fileid = JRequest::getInt('fileid');
For Joomla! 1.0
change line 13 from
$fileid = mosGetParam($_REQUEST, 'fileid', '');
$fileid = (int)mosGetParam($_REQUEST, 'fileid', '');
Thanks for your attention and thanks to Markus who announced us the risk.