Description

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.

Remediation

References

CVE-2018-8045

Related Vulnerabilities

Moodle Other Vulnerability (CVE-2004-2233)

WordPress Plugin Autoship Cloud PHP Object Injection (1.0.13)

PHP Out-of-bounds Write Vulnerability (CVE-2019-11043)

Apache Tomcat Cryptographic Issues Vulnerability (CVE-2011-5064)

WordPress Plugin Lazyest Backup 'xml_or_all' Parameter Cross-Site Scripting (0.2.1)

Severity

High

Classification

CVE-2018-8045 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities