CVE-2025-54294 CRITICAL

CVE-2025-54294: Extension - stackideas.com - SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla

Vendor Stackideas.com
Product Komento component for Joomla
Weakness CWE-89 · SQLi
Published July 23, 2025
Last update July 24, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands.

Explanation of Vulnerability in Simple Terms

02Summary

Komento for Joomla versions 4.0.0 through 4.0.7 contain a SQL injection vulnerability in the component's database query handling. An attacker can craft malicious input to execute arbitrary SQL commands, potentially reading or modifying site data without authentication. This affects all Joomla sites running the vulnerable Komento versions.

What an attacker can do

03Attacker Capabilities

Execute SQL commands to read, modify, or delete database records without logging in.

Potential impact on your site

04Site Impact

Attackers can steal user credentials, comments, private data, or modify site content and user accounts.

Conditions required to exploit

05Prerequisites

Network access to the Joomla site; no authentication or user interaction required.

Key dates

06Disclosure timeline

July 23, 2025 CVE published
July 24, 2025 Record updated

Related vulnerabilities

08Related CVE