Recently released security updates for the popular Joomla CMS (content management system) address a SQL injection vulnerability that poses a high risk and can be exploited to extract information from the databases of Joomla-based sites. The Joomla Project released versions 3.2.3 and 2.5.19 of the open-source CMS Thursday. Both updates address two cross-site scripting (XSS) vulnerabilities in core components, but version 3.2.3 also patches a SQL injection flaw, publicly disclosed in early February, and an unauthorized log-in flaw in the Gmail-based authentication plug-in.