CVE-2025-54474 HIGH

CVE-2025-54474: Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla

Vendor Dj-Extensions.com
Product DJ-Classifieds component for Joomla
Weakness CWE-89 · SQLi
Published August 15, 2025
Last update August 15, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.

Explanation of Vulnerability in Simple Terms

02Summary

DJ-Classifieds for Joomla contains a SQL injection vulnerability in versions 3.9.2 through 3.10.1. An attacker with high-level privileges can inject malicious SQL commands through unfiltered input, potentially reading or modifying the site database. This requires administrative or elevated account access to exploit.

What an attacker can do

03Attacker Capabilities

Read or modify the Joomla database by injecting SQL commands through the component.

Potential impact on your site

04Site Impact

A compromised admin account could expose classified listings data, user information, or corrupt the database.

Conditions required to exploit

05Prerequisites

Attacker must have high-level Joomla privileges (administrator or equivalent role).

Key dates

06Disclosure timeline

August 15, 2025 CVE published
August 15, 2025 Record updated

Related vulnerabilities

08Related CVE