What the vulnerability does
01Description
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
Explanation of Vulnerability in Simple Terms
Joomla! CMS versions 6.0.0 through 6.1.0 contain a SQL injection vulnerability in a core component. An attacker with high-level administrative privileges can inject malicious SQL commands through an unspecified input field. This allows reading or modifying database contents. Sites should update to a patched version as soon as available.
What an attacker can do
Read or modify database contents by injecting SQL commands.
Potential impact on your site
A compromised admin account could expose or alter sensitive site data, user records, or configuration.
Conditions required to exploit
Attacker must have high-level administrative access to the Joomla site.
Key dates
External resources
Related vulnerabilities