Please upgrade to Joomla 3.8.6
A security flaw has been discovered in Joomla version 3.5.0 through 3.8.5.
It has been assigned [CVE-2018-8045].
The User notes list view is missing a type casting of a variable which can lead to an SQL injection.
This means that somebody can make changes or read out data from your Joomla database without permission.
It can be achieved by simply calling the User notes list view with specially crafted parameters.
The Joomla team considers the severity of the flaw as low.
Please login to your hosting control panel and use our Softaculous installer to update your Joomla.
If you are unsure, please contact your HelpingHost.com support team to help you out.