The mosgetparam implementation in Joomla! before 1.0.10, does not set a variables data type to integer when the variables default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Joomla | Joomla | 1.0.0 (including) | 1.0.0 (including) |
Joomla | Joomla | 1.0.1 (including) | 1.0.1 (including) |
Joomla | Joomla | 1.0.2 (including) | 1.0.2 (including) |
Joomla | Joomla | 1.0.3 (including) | 1.0.3 (including) |
Joomla | Joomla | 1.0.4 (including) | 1.0.4 (including) |
Joomla | Joomla | 1.0.5 (including) | 1.0.5 (including) |
Joomla | Joomla | 1.0.6 (including) | 1.0.6 (including) |
Joomla | Joomla | 1.0.7 (including) | 1.0.7 (including) |
Joomla | Joomla | 1.0.8 (including) | 1.0.8 (including) |
Joomla | Joomla | 1.0.9 (including) | 1.0.9 (including) |