Joomla! before 3.9.14 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability

Summary

The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.

Credit:

The information has been provided by Vendor

The original article can be found at:https://developer.joomla.org/security-centre/797-20191202-core-various-sql-injections-through-configuration-parameters


Details

In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.

 

Vulnerable Systems:

Joomla! before 3.9.14

 

CVE Information:

CVE-2019-19846

 

Disclosure Timeline:
Published Date:12/17/2019

Categories: News