Description
Variable Tampering within joomla/input class
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-23799
- https://github.com/joomla/joomla-cms/issues/35541
- https://github.com/joomla-framework/input/commit/2086df5860a2edccd77c329ee7cbd118cfe93514
- https://developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/joomla/input/CVE-2022-23799.yaml
Packages
Name: joomla/input (composer)
Affected versions: >= 2.0.0, < 2.0.2
Fixed version: 2.0.2
Related vulnerabilities
CVSS3: 9.8 (nvd, almost 4 years ago)