CVE-2025-25226 Information

Apr 09, 2025 cve

Description

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However classes extending the affected class might be affected if the vulnerable method is used.

Reference

https://developer.joomla.org/security-centre/963-20250401-framework-sql-injection-vulnerability-in-quotenamestr-method-of-database-package.html

CNNVD-202507-1552 (Published: 2025-07-10)

Share on:

CVE-2025-25226 Information

Description

Reference

Related CNNVD