CVE request: Joomla 1.5.21 SQL Injection and Information Disclosure

[Henri Salo <henri () nerv fi>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can I get CVE-identifier for this issue?

"Multiple vulnerabilities have been discovered in Joomla, which can be
exploited by malicious people to conduct SQL injection attacks.

Input passed via the "filter_order" and "filter_order_Dir" parameters
to index.php (e.g. when "option" is set to "com_weblinks",
"com_contact", or "com_messages") is not properly verified before being
used in a SQL query. This can be exploited to manipulate SQL queries by
injecting limited SQL code, which may result in e.g. information 
disclosure via database errors."

Vulnerable versions: 1.5.21 and all previous 1.5 releases
Solution: Update to 1.5.22 (or later)

Referers:
http://secunia.com/advisories/42133
http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0514.html

Best regards,
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkzdqBAACgkQXf6hBi6kbk8lFACgmpIFET/szRnKRNpVO0COQuFd
pXcAoMwVjrf3/8PzOIOBuWkxMBW9lodS
=AgJf
-----END PGP SIGNATURE-----