Description

In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.

Remediation

References

CVE-2018-6376

Related Vulnerabilities

WordPress Plugin WooCommerce Admin Security Bypass (2.6.3)

WordPress Plugin UserPro-Community and User Profile Cross-Site Scripting (4.9.33)

Oracle Application Server Other Vulnerability (CVE-2002-0565)

WordPress Plugin WP Super Cache PHP Code Injection (1.2)

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2094)

Severity

Critical

Classification

CVE-2018-6376 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities