Update: http://blog.joomlatools.eu/2010/01/security-in-third-party-addons.html "We have investigated this report, and it does not concern the Joomla:Alfresco integration that was published through Joomlatools Labs over a year ago. We have been unable to find the developer of this extension, so we believe it might be a custom extension that is not available on the JED. If you have more information, please let us know.
If you have an Alfresco extension installed, you can identify it by opening /administrator/components/com_alfresco/manifest.xml. If it starts with the following header, you are using our secure extension. If it doesn't, you might be using the vulnerable extension.
<name>Alfresco</name> <author>Joomlatools</author> <copyright>Copyright (C) 2008 Joomlatools. All rights reserved.</copyright> <creationdate>December 2008</creationdate> <license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license> <authoremail>info@joomlatools.org</authoremail> <authorurl>www.joomlatools.org</authorurl> <version>1.0.0</version> <description>This component displays an Alfresco repository using CMIS</description> "
