Description
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
Remediation
References
Related Vulnerabilities
Moodle Other Vulnerability (CVE-2004-2233)
WordPress Plugin Autoship Cloud PHP Object Injection (1.0.13)
PHP Out-of-bounds Write Vulnerability (CVE-2019-11043)
Apache Tomcat Cryptographic Issues Vulnerability (CVE-2011-5064)
WordPress Plugin Lazyest Backup 'xml_or_all' Parameter Cross-Site Scripting (0.2.1)