Joomla! Developer Network

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions:¬†3.1.0 through 3.2.2
  • Exploit type: SQL Injection
  • Reported Date: 2014-February-06
  • Fixed Date: 2014-March-06
  • CVE Number: Pending


Inadequate escaping leads to SQL injection vulnerability.

Affected Installs

Joomla! CMS versions 3.1.0 through 3.2.2


Upgrade to version 3.2.3


The JSST at the Joomla! Security Center.

Reported By: ??

Current Release

Legacy Release

Note: View known compatibility Issues

Current Release: 1.1.0

Upcoming Release: 1.2

Joomla! Reading

Joomla! Programming

Joomla! Programming

Mark Dexter & Louis Landry
Joomla! Templates

Joomla! Templates

Angie Radtke