Important Security Vulnerability Fixed

12 Nov 2011

A couple of days ago we were notified about a SQL injection security vulnerability in our Ajax-enabling RokModule extension. This extension is generally not used by itself, but rather it enables Ajax for the following extensions for both Joomla 1.5 and 1.7:

  • RokStock
  • RokWeather
  • RokNewspager

Even if you are not currently using these extensions on your RocketTheme-based site, you may still be vulnerable if you have these extensions installed. It is strongly advised that you download the latest version of RokModule and install it immediately to address this issue:

  • RokModule v1.3 for Joomla 1.7
  • RokModule v1.4 for Joomla 1.5

You can determine if you have this extension installed and if it needs updating by using the Extensions Manager in the Joomla Administrator and clicking on the Components submenu option. Then you just need to look for RokModule in the list and check the version.

RokModule Versions

You can download the latest version here: RokModule Downloads

NOTICE: for Joomla 1.5 it's safer to uninstall the existing version of the com_rokmodule component prior to installing the new version.

We've also updated the extensions themselves with this updated version, along with RocketLaunchers and extension bundles for the affected templates.
