– Core – SQLi vulnerability User Notes
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.5.0 through 3.8.5
- Exploit type: SQLi
- Reported Date: 2018-March-08
- Fixed Date: 2018-March-12
- CVE Number: CVE-2018-8045
The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the User Notes list view
Joomla! CMS versions 3.5.0 through 3.8.5
Upgrade to version 3.8.6
The JSST at the Joomla! Security Centre.