A couple of days ago we were notified about a SQL injection security vulnerability in our Ajax-enabling RokModule extension. This extension is generally not used by itself; rather, it enables Ajax for the following extensions on both Joomla 1.5 and 1.7:
- RokStock
- RokWeather
- RokNewspager
Even if you are not currently using these extensions on your RocketTheme-based site, you may still be vulnerable if you have them installed. We strongly advise that you download the latest version of RokModule and install it immediately to address this issue:
- RokModule v1.3 for Joomla 1.7
- RokModule v1.4 for Joomla 1.5
You can determine whether you have this extension installed, and whether it needs updating, by opening the Extensions Manager in the Joomla Administrator and clicking the Components submenu option. Then look for RokModule in the list and check its version.
You can download the latest version here: RokModule Downloads
We've also updated the extensions themselves with this updated version, along with the RocketLaunchers and extension bundles for the affected templates.