What the vulnerability does
01Description
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
Explanation of Vulnerability in Simple Terms
DJ-Classifieds for Joomla contains a SQL injection vulnerability in versions 3.9.2 through 3.10.1. An attacker with high-level privileges can inject malicious SQL commands through unfiltered input, potentially reading or modifying the site database. This requires administrative or elevated account access to exploit.
What an attacker can do
Read or modify the Joomla database by injecting SQL commands through the component.
Potential impact on your site
A compromised admin account could expose classified listings data, user information, or corrupt the database.
Conditions required to exploit
Attacker must have high-level Joomla privileges (administrator or equivalent role).
Key dates
External resources
Related vulnerabilities