Description
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
Remediation
References
Related Vulnerabilities
Joomla Improper Privilege Management Vulnerability (CVE-2018-11323)
WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)
WordPress 3.3.1 Multiple Vulnerabilities (2.0 - 3.3.1)
MySQL CVE-2016-0642 Vulnerability (CVE-2016-0642)
CakePHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3712)