SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.

Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.