CVE-2025-50127 HIGH

CVE-2025-50127: Extension - dj-extensions.com - SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla

Vendor Dj-Extensions.com
Product DJ-Flyer component for Joomla
Weakness CWE-89 · SQLi
Published July 23, 2025
Last update July 24, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.

Explanation of Vulnerability in Simple Terms

02Summary

The DJ-Flyer component for Joomla contains a SQL injection vulnerability in versions 1.0-3.2 and earlier. An attacker with high-level administrator privileges can inject malicious SQL code through unfiltered input, potentially reading or modifying the site database. This requires administrative access to exploit.

What an attacker can do

03Attacker Capabilities

Read or modify the Joomla database by injecting SQL commands through the component.

Potential impact on your site

04Site Impact

A compromised admin account could allow an attacker to steal user data, modify site content, or escalate privileges further.

Conditions required to exploit

05Prerequisites

Attacker must have high-level administrator access to the Joomla site.

Key dates

06Disclosure timeline

July 23, 2025 CVE published
July 24, 2025 Record updated