What the vulnerability does
01Description
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla and classified as critical. This issue affects some unknown processing of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties of the component GET Parameter Handler. The manipulation of the argument title leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Explanation of Vulnerability in Simple Terms
02Summary
JUX Real Estate versions 3.4.0 and later contain a SQL injection vulnerability in the Joomla extension. An attacker with low-level site access can inject malicious SQL commands through unfiltered input, potentially reading or modifying database contents. The vulnerability requires authentication but no user interaction.
What an attacker can do
03Attacker Capabilities
Read or modify database records by injecting SQL commands through the extension.
Potential impact on your site
04Site Impact
Unauthorized database access could expose user data, settings, or allow modification of site content and configuration.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege account on the Joomla site (e.g., registered user or contributor).
Key dates
06Disclosure timeline
March 9, 2025
CVE published
March 10, 2025
Record updated