Moderate severityNVD Advisory· Published Apr 8, 2025· Updated Apr 21, 2025
[20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package
CVE-2025-25226
Description
Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
joomla/databasePackagist | >= 3.0.0, < 3.4.0 | 3.4.0 |
joomla/databasePackagist | >= 1.0.0, < 2.2.0 | 2.2.0 |
Affected products
3- osv-coords2 versions
>= 1.0.0, < 5.0.3+ 1 more
- (no CPE)range: >= 1.0.0, < 5.0.3
- (no CPE)range: >= 3.0.0, < 3.4.0
- Joomla! Project/Joomla! Frameworkv5Range: 1.0.0-2.1.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.