vulnerability

Joomla!: [20200306] - Core - SQL injection in Featured Articles menu parameters (CVE-2020-10243)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Mar 11, 2020	Mar 11, 2020	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Mar 11, 2020

Added

Mar 11, 2020

Modified

Aug 11, 2025

Description

An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.

Solution

joomla-upgrade-3_9_16

References

CVE-2020-10243
https://attackerkb.com/topics/CVE-2020-10243
CWE-89
URL-http://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today