Urdu English
English English Deutsch Deutsch Español Español Français Français Italiano Italiano Nederlands Nederlands Português Português Русский Русский Ελληνικά Ελληνικά
Login



 
Welcome to Jumi! >> News >> Security releases
320,046 Downloads
Joomla! 2.5.x & 3.x
Version 3.0.5
Download
Joomla! 1.5.x
Version 2.0.6
Download
Overview
Concise Guide
Installation in J!1.0
Usage for J!1.0
Installation in J!1.5
Usage for J!1.5
Upgrades
Troubleshooting
Tutorial
Security Checklist
Jumi 2.1 Guide
News
Blog
Whishlist
Change Logs
About
Acknowledgements
Downloads
Development
Feedbacks
Forum

A security vulnerability was found in all Jumi 2.xx versions up to 2.0.d (for J!1.0), 2.0.3 and 2.1.beta2 (for J!1.5)

It concerns Jumi component only.

New Jumi versions fixing this issue were released today:

  • 2.0.e stable for Joomla! 1.0
  • 2.0.4 stable for Joomla! 1.5
  • 2.1.beta3 for Joomla! 1.5 containing other improvements too.

We are greatly recommending to upgrade to the new Jumi version or make the following manual fix yourself.

Manual fix of security vulnerability

  1. find file components/com_jumi/jumi.php
  2. make in jumi.php the following changes:

For Joomla! 1.5

change line 11 from

$fileid = JRequest::getVar('fileid');

to

$fileid = JRequest::getInt('fileid');

For Joomla! 1.0

change line 13 from

$fileid = mosGetParam($_REQUEST, 'fileid', '');

to

$fileid = (int)mosGetParam($_REQUEST, 'fileid', '');

Thanks for your attention and thanks to Markus who announced us the risk.