advisory_details

CVE-2020-10243

CVE ID – CVE-2020-10243

AFFECTED VENDORS – Joomla!

AFFECTED PRODUCTS – Joomla! CMS versions 1.7.0 – 3.9.15

VULNERABILITY DETAILS – The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the “Featured Articles” frontend menutype.

ADVICE – Update to version 3.9.16

DISCLOSURE TIMELINE:
09/03/2020 Disclosure to vendor
10/03/2020 Fix released

CREDIT – Sam Thomas