====================================================================

                             CERT-Renater

                 Note d'Information No. 2018/VULN102
_____________________________________________________________________

DATE                : 14/03/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Joomla! versions 3.5.0 up to and
                             including 3.8.5.

=====================================================================
https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnerability.html
_____________________________________________________________________

Security Announcements

[20180301] - Core - SQLi vulnerability User Notes

    Project: Joomla!
    SubProject: CMS
    Impact: High
    Severity: Low
    Versions: 3.5.0 through 3.8.5
    Exploit type: SQLi
    Reported Date: 2018-March-08
    Fixed Date: 2018-March-12
    CVE Number: CVE-2018-8045


Description

The lack of type casting of a variable in SQL statement leads to a SQL
injection vulnerability in the User Notes list view


Affected Installs

Joomla! CMS versions 3.5.0 through 3.8.5


Solution

Upgrade to version 3.8.6


Contact

The JSST at the Joomla! Security Centre.

Reported By: Entropy Moe

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================