SQL injection in Joomla!

Published: 2018-03-13 17:29:02 | Updated: 2018-03-13
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-8045
CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-89
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Joomla!
Vulnerable software versions: Joomla! 3.8.5, Joomla! 3.8.4, Joomla! 3.8.3

Vendor URL: Joomla!

Security Advisory

1) SQL injection

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application's database.

The vulnerability exists due to insufficient filtering of user-supplied data in the User Notes list view.

Successful exploitation of the vulnerability may lead to website compromise.

Remediation

Update to version 3.8.6.

External links

https://developer.joomla.org/security-centre.html
