Description

An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.

Remediation

References

CVE-2020-10243

Related Vulnerabilities

WordPress Plugin WooCommerce Arbitrary File Deletion (3.4.5)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43952)

WordPress Plugin Cookie Information-Free GDPR Consent Solution Cross-Site Scripting (1.5.5)

WordPress Plugin Share This Image Cross-Site Scripting (1.03)

WordPress Plugin WP Google Maps Unspecified Vulnerability (8.0.25)

Severity

Critical

Classification

CVE-2020-10243 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities