What the vulnerability does
Description
A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.
CVE-2025-25228
CVE-2025-25228: Extension - virtuemart.net - SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla
CVSS base score
—
Key dates
Disclosure timeline
April 21, 2025
CVE published
May 7, 2025
Record updated
