[20080901] - Core - JRequest Variable Injection

2008-09-09T00:00:00
ID JOOMLA-271
Type joomla
Reporter Open Source Matters, Inc.
Modified 2008-09-09T00:00:00

Description

A flaw in JRequest exists where variables set with JRequest::setVar are not cleaned when fetching the variable at a later point in the request. This can result in variable injection (unwanted characters injected into returned data).