Description

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.

Remediation

References

CVE-2018-8045

Related Vulnerabilities

WordPress Plugin Bookly #1 WordPress Booking Plugin (Lite Version) Cross-Site Scripting (14.4)

MySQL NULL Pointer Dereference Vulnerability (CVE-2020-1967)

MySQL Deserialization of Untrusted Data Vulnerability (CVE-2019-14893)

WordPress Plugin YOP Poll Cross-Site Scripting (5.7.3)

WordPress Plugin gboutique Local File Inclusion (1.3)

Severity

High

Classification

CVE-2018-8045 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities