Description

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.

Remediation

References

CVE-2018-8045

Related Vulnerabilities

OpenSSL Numeric Errors Vulnerability (CVE-2015-1794)

WordPress Plugin Share This Image Unspecified Vulnerability (1.19)

WordPress Plugin Visual CSS Style Editor Cross-Site Request Forgery (7.2.0)

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-45135)

Zikula Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0535)

Severity

High

Classification

CVE-2018-8045 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities