CVE ID – CVE-2020-10243
AFFECTED VENDORS – Joomla!
AFFECTED PRODUCTS – Joomla! CMS versions 1.7.0 – 3.9.15
VULNERABILITY DETAILS – The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the “Featured Articles” frontend menutype.
ADVICE – Update to version 3.9.16
DISCLOSURE TIMELINE:
09/03/2020 Disclosure to vendor
10/03/2020 Fix released
CREDIT – Sam Thomas
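
ADDED EXAMPLE – The bug class named under VULNERABILITY DETAILS, shown as an added illustration that is not Joomla's code or the vendor's patch: a request value concatenated into a numeric SQL context with no cast, beside the same query with an integer cast and with a bound integer parameter. The table, columns, function names and input value are hypothetical, and the script assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added illustration: schema, data and function names are hypothetical, not Joomla's code.
// Assumes the pdo_sqlite extension; everything runs against an in-memory database.

function sampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE articles (id INTEGER, catid INTEGER, title TEXT, published INTEGER)');
    $db->exec("INSERT INTO articles VALUES (1, 10, 'Public news', 1), (2, 10, 'Draft', 0), (3, 20, 'Other category', 1)");
    return $db;
}

// Before: the value is expected to be an integer but reaches the SQL text as a raw string.
function titlesUnsafe(PDO $db, string $catid): array
{
    $sql = 'SELECT title FROM articles WHERE published = 1 AND catid = ' . $catid;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After (cast): (int) keeps only the leading digits, so nothing but a number reaches the SQL text.
function titlesCast(PDO $db, string $catid): array
{
    $sql = 'SELECT title FROM articles WHERE published = 1 AND catid = ' . (int) $catid;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After (bound): the value travels as an integer parameter and never becomes part of the SQL text.
function titlesBound(PDO $db, string $catid): array
{
    $stmt = $db->prepare('SELECT title FROM articles WHERE published = 1 AND catid = :catid');
    $stmt->bindValue(':catid', (int) $catid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = sampleDb();
$input = '10 OR 1=1'; // constructed request value that is not a plain integer
foreach (['titlesUnsafe', 'titlesCast', 'titlesBound'] as $fn) {
    printf("%-13s %s\n", $fn, implode(', ', $fn($db, $input)));
}
```

The uncast version returns every row, including the unpublished one, because the extra text changes the WHERE clause; the cast and bound versions both query category 10 only.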