VYPR
Moderate severityNVD Advisory· Published Apr 8, 2025· Updated Apr 21, 2025

[20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package

CVE-2025-25226

Description

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
joomla/databasePackagist
>= 3.0.0, < 3.4.03.4.0
joomla/databasePackagist
>= 1.0.0, < 2.2.02.2.0

Affected products

3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.