CVE-2006-7010

The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.

Published : 2007-02-12 23:28 Updated : 2008-09-05 21:16

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Joomla Joomla 1.0.7 cpe:/a:joomla:joomla:1.0.7
Joomla Joomla 1.0.6 cpe:/a:joomla:joomla:1.0.6
Joomla Joomla 1.0.9 cpe:/a:joomla:joomla:1.0.9
Joomla Joomla 1.0.8 cpe:/a:joomla:joomla:1.0.8
Joomla Joomla 1.0.3 cpe:/a:joomla:joomla:1.0.3
Joomla Joomla 1.0.2 cpe:/a:joomla:joomla:1.0.2
Joomla Joomla 1.0.5 cpe:/a:joomla:joomla:1.0.5
Joomla Joomla 1.0.4 cpe:/a:joomla:joomla:1.0.4
Joomla Joomla 1.0.1 cpe:/a:joomla:joomla:1.0.1
Joomla Joomla 1.0.0 cpe:/a:joomla:joomla:1.0.0
  1. Joomla (1) Search CVE
    1. Joomla (10) Search CVE
      1. 1.0.7
      2. 1.0.6
      3. 1.0.9
      4. 1.0.8
      5. 1.0.3
      6. 1.0.2
      7. 1.0.5
      8. 1.0.4
      9. 1.0.1
      10. 1.0.0

CWE

There is no CWE for this CVE.

Reference

History of changes

Date Event
2007-02-12 23:28

New CVE