Description

The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.

Remediation

References

CVE-2006-7010

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7412)

Oracle Database Server Other Vulnerability (CVE-2001-0942)

WordPress Plugin KN Fix Your Title Cross-Site Scripting (1.0.1)

WordPress Plugin Rate my Post-WP Rating System Multiple Vulnerabilities (3.3.4)

MySQL CVE-2019-2587 Vulnerability (CVE-2019-2587)

Severity

High

Classification

CVE-2006-7010

Tags

Missing Update Known Vulnerabilities