Joomla! Core 3.7.0 is vulnerable as it fails to appropriately sanitize user-supplied data before utilizing it in a SQL query, Joomla! Core is vulnerable to SQL injection. An attacker could compromise the application, access or edit data, or exploit latent vulnerabilities in the underlying database by exploiting this flaw. The SQL injection vulnerability in Joomla! Core allows remote attackers to run arbitrary SQL commands through unspecified vectors.
We suggest that you update Joomla! Core to version 3.7.1 or the latest to fix this vulnerability.