====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN153
_____________________________________________________________________

DATE                : 18/05/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running Joomla! versions 3.7.0.

=====================================================================
https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html
____________________________________________________________________


[20170501] - Core - SQL Injection

    Project: Joomla!
    SubProject: CMS
    Severity: High
    Versions: 3.7.0
    Exploit type: SQL Injection
    Reported Date: 2017-May-11
    Fixed Date: 2017-May-17
    CVE Number: CVE-2017-8917

Description

Inadequate filtering of request data leads to a SQL Injection
vulnerability.


Affected Installs

Joomla! CMS versions 3.7.0


Solution

Upgrade to version 3.7.1


Contact

The JSST at the Joomla! Security Centre.
Reported By: Marc-Alexandre Montpas / sucuri.net


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================