Joomla Security Notice :: March 13, 2018

Discussion started on Script Chat

Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

Joomla! Security News

[20180301] - Core - SQLi vulnerability User Notes
Posted: 13 Mar 2018 06:45 AM PDT
  -  Project: Joomla!
  -  SubProject: CMS
  -  Impact: High
  -  Severity: Low
  -  Versions: 3.5.0 through 3.8.5
  -  Exploit type: SQLi
  -  Reported Date: 2018-March-08
  -  Fixed Date: 2018-March-12
  -  CVE Number: CVE-2018-8045
The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the User Notes list view
Affected Installs
Joomla! CMS versions 3.5.0 through 3.8.5
Upgrade to version 3.8.6
The JSST at the Joomla! Security Centre.
Reported By: Entropy Moe
#1 - March 15, 2018, 11:29:42 AM


0 Members and 1 Guest are viewing this topic.