The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
References
Link | Resource |
---|---|
http://www.joomla.org/content/view/1510/74/ | Patch |
http://secunia.com/advisories/20874 | Patch Vendor Advisory |
http://www.osvdb.org/26916 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2007-02-12 15:28
Updated : 2008-09-05 14:16
NVD link : CVE-2006-7010
Mitre link : CVE-2006-7010
JSON object : View
CWE
Products Affected
joomla
- joomla