Description

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.

Remediation

References

CVE-2018-8045

Related Vulnerabilities

Drupal Data Processing Errors Vulnerability (CVE-2017-6920)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Request Forgery (3.8.9)

WordPress Plugin Copperleaf Photolog 'cplphoto.php' SQL Injection (0.16)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0866)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Multiple Vulnerabilities (2.0.45)

Severity

High

Classification

CVE-2018-8045 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities