Description

The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.

Remediation

References

CVE-2006-7010

Related Vulnerabilities

phpMyAdmin Improper Input Validation Vulnerability (CVE-2017-1000018)

WordPress Plugin Essential Blocks Pro Multiple PHP Object Injection Vulnerabilities (1.1.0)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1488)

WordPress Plugin Link Library Cross-Site Scripting (5.9.12.29)

WordPress Plugin Simple Yearly Archive Cross-Site Scripting (2.1.8)

Severity

High

Classification

CVE-2006-7010

Tags

Missing Update Known Vulnerabilities