← back
CVE-2022-23799

[20220307] - Core - Variable Tampering on JInput $_REQUEST data

EPSS 1.2%
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
Affected products
Joomla! Project · Joomla! CMSJoomla! Project · joomla/input

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.html