Joomla! 3.7.x < 3.7.1 fields.php getListQuery() Method SQLi
Critical Web Application Scanning Plugin ID 98425
Synopsis
Joomla! 3.7.x < 3.7.1 fields.php getListQuery() Method SQLi
Description
According to its self-reported version number, the detected Joomla! application is affected by a SQL injection vulnerability in the fields.php script due to improper sanitization of user-supplied input.
An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or modification of arbitrary data.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update to Joomla! version 3.7.1 or the latest version.