[20200306] – Core – SQL injection in Featured Articles menu parameters
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 1.7.0-3.9.15
- Exploit type: SQL Injection
- Reported Date: 2020-March-9
- Fixed Date: 2020-March-10
- CVE Number: CVE-2020-10243
Description
The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the “Featured Articles” frontend menu type.
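The bug class described above, as an added illustration in plain PHP. This is not Joomla! source code, and the function, table, column and parameter names are hypothetical. A list of IDs taken from a menu parameter is concatenated into a statement without casting, shown next to a version that casts every element to an integer first.

```php
<?php
// Added illustration, not Joomla! code. All names below are hypothetical.

/** Uncast pattern: the parameter value reaches the SQL text unchanged. */
function buildQueryUncast($categoryIds): string
{
    $list = is_array($categoryIds) ? implode(',', $categoryIds) : $categoryIds;

    return "SELECT id, title FROM content WHERE featured = 1 AND catid IN ($list)";
}

/** Cast pattern: only positive integers can reach the SQL text. */
function buildQueryCast($categoryIds): string
{
    $ids = is_array($categoryIds) ? $categoryIds : explode(',', (string) $categoryIds);

    // intval() on a nested array yields 1, so drop non-scalar elements first.
    $ids = array_filter($ids, 'is_scalar');
    $ids = array_map('intval', $ids);
    $ids = array_filter($ids, function ($id) {
        return $id > 0;
    });
    $ids = array_values(array_unique($ids));

    if ($ids === []) {
        // "IN ()" is a syntax error; return a statement that matches nothing.
        return 'SELECT id, title FROM content WHERE 1 = 0';
    }

    return 'SELECT id, title FROM content WHERE featured = 1 AND catid IN ('
        . implode(',', $ids) . ')';
}

// Constructed parameter values: well-formed, non-integer element, nested array.
$samples = [
    ['8', '9'],
    ['8', '9 /* not an integer */'],
    [['nested'], 'abc'],
];

foreach ($samples as $param) {
    echo 'uncast: ', @buildQueryUncast($param), PHP_EOL;
    echo 'cast:   ', buildQueryCast($param), PHP_EOL, PHP_EOL;
}
```

For the second sample the uncast builder carries the trailing text into the statement, while the cast builder emits `IN (8,9)`. The third sample shows the empty-list fallback.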
Affected Installs
Joomla! CMS versions 1.7.0 – 3.9.15
Solution
Upgrade to version 3.9.16
Contact
The JSST at the Joomla! Security Centre.