BIT-joomla-2025-25226

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/joomla/BIT-joomla-2025-25226.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-joomla-2025-25226
Aliases
Published
2025-06-05T05:48:52.765Z
Modified
2025-06-05T06:27:18.776472Z
Summary
[20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package
Details

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.

Database specific
{
    "cpes": [
        "cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}
References

Affected packages

Bitnami / joomla

Package

Name
joomla
Purl
pkg:bitnami/joomla

Severity

  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
1.0.0
Fixed
5.0.3