Joomla 3 Security update – CVE-2018-8045

Last updated Jun 14, 2020 at 11:36AM | Published on Mar 14, 2018 | Joomla News, Web Hosting News

Joomla Hosting

Please upgrade to Joomla 3.8.6

A security flaw has been discovered in Joomla version 3.5.0 through 3.8.5.

It has been assigned [CVE-2018-8045].
The User notes list view is missing a type casting of a variable which can lead to an SQL injection.

This means that somebody can make changes or read out data from your Joomla database without permission.
It can be achieved by simply calling the User notes list view with specially crafted parameters.

The Joomla team considers the severity of the flaw as low.

Please login to your hosting control panel and use our Softaculous installer to update your Joomla.
If you are unsure, please contact your support team to help you out.