[20151001] - Core - SQL Injection

[20151001] - Core - SQL Injection Posted: 22 Oct 2015 12:00 PM PDT Project: Joomla! SubProject: CMS Severity: High Versions: 3.2.0 through 3.4.4 Exploit type: SQL Injection Reported Date: 2015-October-15 Fixed Date: 2015-October-22 CVE Numbers: CVE-2015-7297, CVE-2015-7857, CVE-2015-7858 Description Inadequate filtering of request data leads to a SQL Injection vulnerability. Affected Installs Joomla! CMS versions 3.2.0 through 3.4.4 Solution Upgrade to version 3.4.5 Contact The JSST at the Joomla! Security Centre. Reported By: Asaf Orpani of Trustwave and Netanel Rubin at PerimeterX