Charlottezweb

Joomla Security Notice :: March 13, 2018

Discussion started on Script Chat

Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html

Quote
Joomla! Security News

________________________________________
[20180301] - Core - SQLi vulnerability User Notes
Posted: 13 Mar 2018 06:45 AM PDT
  -  Project: Joomla!
  -  SubProject: CMS
  -  Impact: High
  -  Severity: Low
  -  Versions: 3.5.0 through 3.8.5
  -  Exploit type: SQLi
  -  Reported Date: 2018-March-08
  -  Fixed Date: 2018-March-12
  -  CVE Number: CVE-2018-8045
Description
The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the User Notes list view
Affected Installs
Joomla! CMS versions 3.5.0 through 3.8.5
Solution
Upgrade to version 3.8.6
Contact
The JSST at the Joomla! Security Centre.
Reported By: Entropy Moe
#1 - March 15, 2018, 11:29:42 AM

Members:

0 Members and 1 Guest are viewing this topic.