CVE-2025-25226

CVE-2025-25226: [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package

Vendor Joomla! Project

Product Joomla! Framework

Weakness CWE-89 · SQLi

Published April 8, 2025

Last update April 21, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.

Key dates

Disclosure timeline

April 8, 2025 CVE published

April 21, 2025 Record updated

Identifiers

CVE CVE-2025-25226

CWE CWE-89

Affected versions

Vendor Joomla! Project

Product Joomla! Framework

Affected 1.0.0-2.1.1

Vendor Joomla! Project

Product Joomla! Framework

Affected 3.0.0-3.3.1