7 matches found
SQL Injection
joomla/database is vulnerable to SQL injection. The vulnerability stems from improper handling of identifiers: the quoteNameStr method does not safely escape input, which can allow injection if used in extended classes...
CVE-2025-25226
Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in questio...
Joomla Framework Database Package Vulnerable to SQL Injection
Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in questio...
CVE-2025-25226
CVE-2025-25226 affects Joomla Framework’s Database package: the quoteNameStr protected method may allow SQL injection if a subclass invokes it. Original 2.x/3.x packages show no direct usages of the method, so exploitation in the base class is not possible, but subclasses extending the affected c...
CVE-2025-25226 [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package
Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in questio...
PT-2025-15468 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla versions prior to 2.1.1 and 3.3.1
Description: The issue arises from improper handling of identifiers, leading to a SQL injection vulnerability in the quoteNameStr method of the database package. This method is protected and has no...
[20250401] - Framework - SQL injection vulnerability in quoteNameStr method of Database package
Database Package version: 1.0.0-2.1.1, 3.0.0-3.3.1...