Joomla Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-6376 - Vulnerability Database

Joomla

Joomla Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-6376

Critical

Reference: CVE-2018-6376

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-6376

Title: Joomla Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Overview:

In Joomla before 3.8.4 the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.