
7 matches found

Veracode
added 2025/04/18 4:56 p.m. · 14 views

SQL Injection

joomla/database is vulnerable to SQL injection. The vulnerability is due to improper handling of identifiers due to the quoteNameStr method not safely escaping input, which can allow injection if used in extended classes...

CVSS 9.8 · AI score 7.8 · EPSS 0.00451
Exploits: 0 · References: 3 · Affected Software: 1

RedhatCVE
added 2025/04/11 3:14 a.m. · 13 views

CVE-2025-25226

Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in questio...

CVSS 9.8 · AI score 7.7 · EPSS 0.00451
Exploits: 0 · References: 1

Github Security Blog
added 2025/04/08 6:34 p.m. · 17 views

Joomla Framework Database Package Vulnerable to SQL Injection

Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in questio...

CVSS 9.8 · AI score 7.7 · EPSS 0.00451
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2025/04/08 4:24 p.m. · 239 views

CVE-2025-25226

CVE-2025-25226 affects Joomla Framework’s Database package: the quoteNameStr protected method may allow SQL injection if a subclass invokes it. Original 2.x/3.x packages show no direct usages of the method, so exploitation in the base class is not possible, but subclasses extending the affected c...

CVSS 9.8 · AI score 8 · EPSS 0.00451
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/04/08 4:24 p.m. · 20 views

CVE-2025-25226 [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package

Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in questio...

EPSS 0.00451
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/08 12:0 a.m. · 4 views

PT-2025-15468 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla versions prior to 2.1.1 and 3.3.1

Description: The issue arises from improper handling of identifiers, leading to a SQL injection vulnerability in the quoteNameStr method of the database package. This method is protected and has no...

CVSS 9.8 · AI score 7 · EPSS 0.00451
Exploits: 0 · References: 17

Joomla! Vulnerable Extensions List
added 2025/03/17 12:0 a.m. · 30 views

[20250401] - Framework - SQL injection vulnerability in quoteNameStr method of Database package

Database Package version: 1.0.0-2.1.1, 3.0.0-3.3.1...

CVSS 9.8 · AI score 7.1 · EPSS 0.00451
Exploits: 0 · Affected Software: 1