Description
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
Remediation
References
Related Vulnerabilities
Moodle Credentials Management Errors Vulnerability (CVE-2014-7845)
WordPress Plugin Companion Sitemap Generator Cross-Site Request Forgery (3.6.6)
WordPress Plugin VideoWhisper Video Conference Integration Arbitrary File Upload (4.91.8)
Joomla Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-15697)
WordPress Plugin WP Video Lightbox Cross-Site Scripting (1.9.2)