Vulnerabilities > Joomla > Joomla > 3.8.0

DATE CVE VULNERABILITY TITLE RISK
2018-01-30 CVE-2018-6376 SQL Injection vulnerability in Joomla Joomla!
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
network
low complexity
joomla CWE-89
7.5
7.5
2017-11-10 CVE-2017-16634 Improper Authentication vulnerability in Joomla Joomla!
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
network
low complexity
joomla CWE-287
7.5
7.5
2017-11-10 CVE-2017-16633 Information Exposure vulnerability in Joomla Joomla!
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
network
low complexity
joomla CWE-200
4.0
4.0