What the vulnerability does
01Description
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
Explanation of Vulnerability in Simple Terms
Joomla! CMS versions 6.0.0 through 6.1.0 contain a SQL injection vulnerability in a core component. An attacker with high-level administrative privileges can inject malicious SQL commands through an unspecified input field. This allows reading or modifying database contents without additional user interaction. Sites running affected versions should update immediately.
What an attacker can do
Read or modify database contents by injecting SQL commands through an administrative interface.
Potential impact on your site
An admin account compromise could expose or alter sensitive site data, user records, and configuration.
Conditions required to exploit
Attacker must have high-level administrative access to the Joomla site.
Key dates
External resources
Related vulnerabilities