CVE-2025-25226

Critical CVSS: 9.8

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.

Vendor

Joomla

Product

Joomla\!

CWE

CWE-89

Yayın Tarihi

2025-04-08 17:15:35

Güncelleme

2025-06-04 20:50:08

Source Identifier

security@joomla.org

KEV Date Added

Kategoriler

CWE-89 Joomla\! CRITICAL Joomla 2025

Referanslar

https://developer.joomla.org/security-centre/963-20250401-framework-sql-injection-vulnerability-in-quotenamestr-method-of-database-package.html

Benzer Kayıtlar

Medium

CVE-2025-63082

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.

Medium

CVE-2025-63083

Lack of output escaping leads to a XSS vector in the pagebreak plugin.

High

CVE-2025-25227

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Medium

CVE-2024-40747

Various module chromes didn't properly process inputs, leading to XSS vectors.

High

CVE-2024-40748

Lack of output escaping in the id attribute of menu lists.

High

CVE-2024-40749

Improper Access Controls allows access to protected views.