CVE-2025-25226

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-25226

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-25226.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-25226

Aliases

Published

2025-04-08T17:15:35Z

Modified

2025-06-05T10:46:06.822478Z

Summary

[none]

Details

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.

References

https://developer.joomla.org/security-centre/963-20250401-framework-sql-injection-vulnerability-in-quotenamestr-method-of-database-package.html

Affected packages

Git / github.com/joomla/joomla-cms

Affected ranges

Type: GIT
Repo: https://github.com/joomla/joomla-cms
Events: Introduced

c1acb7e6973bd549fe35a02659fe851ff1a37dfe

Fixed

390dfb708b0b92a79b90ba92c80b97986ac9f1f9

Affected versions

Other

3.*

3.0.0

3.0.1

3.0.3

3.1.0_beta1

3.1.0_beta2

3.1.0_beta3

3.1.0_beta4

3.1.0_beta5

3.1.1

3.1.5

3.2.0

3.2.0.alpha

3.2.0.beta

3.2.0.rc

3.2.1

3.2.2

3.2.3

3.2.4

3.3.0

3.3.0.beta

3.3.0.beta2

3.3.0.rc

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.4.0-beta1

3.4.0-beta2

3.4.0-beta3

3.4.0-rc