Archive for March 13th, 2018

2 results.

[20180301] – Core – SQLi vulnerability User Notes

Mar13
by Ike on March 13, 2018 at 1:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 3.5.0 through 3.8.5
  • Exploit type: SQLi
  • Reported Date: 2018-March-08
  • Fixed Date: 2018-March-12
  • CVE Number: CVE-2018-8045

Description

The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the User Notes list view

Affected Installs

Joomla! CMS versions 3.5.0 through 3.8.5

Solution

Upgrade to version 3.8.6

Contact

The JSST at the Joomla! Security Centre.

Reported By: Entropy Moe

 Comment 

Joomla 3.8.6 Release

Mar13
by Ike on March 13, 2018 at 1:45 pm
Posted In: Uncategorized
Joomla 3.8.6

Joomla 3.8.6 is now available. This is a security fix release for the 3.x series of Joomla addressing one security vulnerability and including over 60 bug fixes and improvements.

 Comment 

59 queries. 8.25 mb Memory usage. 0.714 seconds.