Description A limited SQL injection risk was identified in the "browse list of users" site administration page. Remediation References CVE-2022-40315 Related Vulnerabilities Joomla! Core 3.x.x Cross-Site Request Forgery (3.7.0 - 3.9.18) WordPress Plugin Frontend File Manager Multiple Vulnerabilities (21.2) Apache version older than 1.3.39 RubyGems Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-8320) WordPress Plugin BuddyPress Arbitrary File Deletion (2.7.3) Severity Critical Classification CVE-2022-40315 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities