What the vulnerability does
01Description
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
Explanation of Vulnerability in Simple Terms
Joomla! CMS versions 4.0.0 through 5.4.3 contain a SQL injection vulnerability in a core component. An attacker with high-level administrative privileges can inject malicious SQL commands through an unvalidated input field. This allows reading or modifying database contents without additional authentication.
What an attacker can do
Read or modify database contents by injecting SQL commands through an admin-level input field.
Potential impact on your site
A compromised admin account can be used to extract sensitive data, modify site content, or corrupt the database.
Conditions required to exploit
Attacker must have high-level administrative access to the Joomla! backend.
Key dates
External resources
Related vulnerabilities