Project: Joomla! SubProject: All Severity: Low Versions: 1.5.18 and all previous 1.5 releases Exploit type: Internal Path Exposure Reported Date: 2010-June-10 Fixed Date: 2010-July-15 Description Back-end user can create MySQL error which shows internal path information in the error message. Affected Installs All 1.5.x installs prior to and including 1.5.18 are affected. Solution Upgrade to the latest Joomla! version (1.5.18 or later) Reported by Andy Gorges Contact The JSST at the Joomla! Security Center .
Go here to see the original:
[20100701] – Core – SQL Injection / Internal Path Exposure