Input passed to the "aid" parameter in the Joomla installation's index.php script (when "option" is set to "com_simplefaq" and "task" to "answer") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows e.g. retrieving administrator usernames and password hashes.
The vulnerability is confirmed in version 2.40 and reported in version 2.11. Other versions may also be affected.
Source: http://secunia.com/advisories/26556/
Download SimpleFAQ 2.5
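To check whether a site received requests matching the pattern described above, the following added example (not part of the advisory or of SimpleFAQ) scans web server access-log lines for `option=com_simplefaq`, `task=answer` requests whose `aid` is not a plain integer. It assumes that a legitimate `aid` is a decimal identifier and that logs use the common/combined format; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate "aid" is a plain decimal identifier.
INTEGER_RE = re.compile(r"\d{1,10}")


def suspicious_aid(target):
    """Return the first non-integer aid value sent to com_simplefaq's
    answer task, or None if the request is out of scope or clean."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    options = [v.lower() for v in params.get("option", [])]
    tasks = [v.lower() for v in params.get("task", [])]
    if "com_simplefaq" not in options or "answer" not in tasks:
        return None
    for value in params.get("aid", []):
        # parse_qs has already percent-decoded once; anything that is not
        # purely digits (quotes, spaces, operators, leftover %xx) is flagged.
        if not INTEGER_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Yield (line_number, client, bad_value) for each flagged log line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_aid(match.group(1))
        if bad is not None:
            yield number, line.split(" ", 1)[0], bad


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /index.php?option=com_simplefaq&task=answer&aid=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2008:10:00:05 +0000] "GET /index.php?option=com_simplefaq&task=answer&aid=12%27 HTTP/1.1" 500 310',
    '192.0.2.44 - - [01/Jan/2008:10:00:09 +0000] "GET /index.php?option=com_simplefaq&task=answer&aid=3+AND+1%3D1 HTTP/1.1" 200 5090',
    '192.0.2.10 - - [01/Jan/2008:10:01:00 +0000] "GET /index.php?option=com_content&task=view&id=7%27 HTTP/1.1" 200 800',
    '192.0.2.44 - - [01/Jan/2008:10:02:00 +0000] "GET /index.php?option=com_simplefaq&task=answer&aid=1&aid=1%2527 HTTP/1.1" 200 5090',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this covers query-string requests only.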