CVE-2020-10243

< back to advisories

CVE ID – CVE-2020-10243

AFFECTED VENDORS – Joomla!

AFFECTED PRODUCTS – Joomla! CMS versions 1.7.0 – 3.9.15

VULNERABILITY DETAILS – The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the “Featured Articles” frontend menutype.

ADVICE – Update to version 3.9.16

DISCLOSURE TIMELINE:
09/03/2020 Disclosure to vendor
10/03/2020 Fix released

CREDIT – Sam Thomas 

How can we support you?

Contact our team today to find out how we can help support your organization.

Contact us >
CREST | Pentest Limited
OSCP

/contact

Twitter Linkedin Github Youtube

/services

/about

/links

Pentest Limited is registered in England and Wales with company number 11925182

Registered address: 22 Great James Street, London, WC1N 3ES

VAT registration No: 331802826​

© Pentest Limited 2022. All rights reserved.