Critical severityNVD Advisory· Published Mar 30, 2022· Updated Feb 25, 2026
[20220307] - Core - Variable Tampering on JInput $_REQUEST data
CVE-2022-23799
Description
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
joomla/inputPackagist | >= 2.0.0, < 2.0.2 | 2.0.2 |
Affected products
3- osv-coords2 versions
>= 4.0.0, <= 4.1.0+ 1 more
- (no CPE)range: >= 4.0.0, <= 4.1.0
- (no CPE)range: >= 2.0.0, < 2.0.2
Patches
Vulnerability mechanics
References
6- developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.htmlghsax_refsource_MISCvendor-advisoryWEB
- github.com/advisories/GHSA-49fj-qp6p-q544ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23799ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/joomla/input/CVE-2022-23799.yamlghsaWEB
- github.com/joomla-framework/input/commit/2086df5860a2edccd77c329ee7cbd118cfe93514ghsaWEB
- github.com/joomla/joomla-cms/issues/35541ghsaWEB
News mentions
0No linked articles in our index yet.