Description
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
References (3)
Core 3
Core References
Patch x_refsource_confirm
http://www.joomla.org/content/view/1510/74/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/26916
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20874
Scores
EPSS
0.0001
EPSS Percentile
0.9%
Details
Status
published
Products (10)
joomla/joomla
1.0.0
joomla/joomla
1.0.1
joomla/joomla
1.0.2
joomla/joomla
1.0.3
joomla/joomla
1.0.4
joomla/joomla
1.0.5
joomla/joomla
1.0.6
joomla/joomla
1.0.7
joomla/joomla
1.0.8
joomla/joomla
1.0.9
Published
Feb 12, 2007
Tracked Since
Feb 18, 2026