Description
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
Remediation
References
Related Vulnerabilities
WordPress Plugin Spellchecker 'general.php' Local and Remote File Include Vulnerabilities (3.1)
TYPO3 Use of Insufficiently Random Values Vulnerability (CVE-2010-3666)
WordPress Plugin JiangQie Official Website Mini Program SQL Injection (1.1.0)
Oracle Application Server Credentials Management Errors Vulnerability (CVE-2002-2345)