CVE-2018-8045 — SQL Injection in Joomla !

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

21.1%

top 4.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Joomla !

Timeline

PublishedMar 15

Latest updateMay 14

Description

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDjoomla/joomla_!3.5.0 — 3.8.5

🔴Vulnerability Details

GHSA

GHSA-xgcx-vvr8-486q: In Joomla! 3↗2022-05-14

▶

CVEList

CVE-2018-8045: In Joomla! 3↗2018-03-14

▶