Joomla! Developer Network

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.1.0 through 3.2.2
  • Exploit type: SQL Injection
  • Reported Date: 2014-February-06
  • Fixed Date: 2014-March-06
  • CVE Number: Pending


Inadequate escaping leads to SQL injection vulnerability.

Affected Installs

Joomla! CMS versions 3.1.0 through 3.2.2


Upgrade to version 3.2.3


The JSST at the Joomla! Security Center.

Reported By: ??

Joomla! CMS

Current Release 

View known Issues

Development Status

Nightly CMS builds for developers are available for download

Joomla! Framework

Joomla! Reading

Joomla! Programming

Joomla! Programming

Mark Dexter & Louis Landry
Joomla! Templates

Joomla! Templates

Angie Radtke