CVE Vulnerabilities

CVE-2006-7010

Published: Feb 12, 2007 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The mosgetparam implementation in Joomla! before 1.0.10, does not set a variables data type to integer when the variables default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.

Affected Software

Name Vendor Start Version End Version
Joomla Joomla 1.0.0 (including) 1.0.0 (including)
Joomla Joomla 1.0.1 (including) 1.0.1 (including)
Joomla Joomla 1.0.2 (including) 1.0.2 (including)
Joomla Joomla 1.0.3 (including) 1.0.3 (including)
Joomla Joomla 1.0.4 (including) 1.0.4 (including)
Joomla Joomla 1.0.5 (including) 1.0.5 (including)
Joomla Joomla 1.0.6 (including) 1.0.6 (including)
Joomla Joomla 1.0.7 (including) 1.0.7 (including)
Joomla Joomla 1.0.8 (including) 1.0.8 (including)
Joomla Joomla 1.0.9 (including) 1.0.9 (including)

References