Joomla! Developer Network

There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla! platform.

Where to Start

Download Documentation Support Report an Issue Volunteer Roadmap

Review Tracker Volunteer Activity Volunteer Report New Issue Roadmap

Download Documentation Support Report an Issue Contribute Roadmap

Project: Joomla!
SubProject: Framework
Impact: High
Severity: Low
Probability: Low
Versions: 1.0.0-2.1.1, 3.0.0-3.3.1
Exploit type: SQL Injection
Reported Date: 2025-03-17
Fixed Date: 2025-04-02
CVE Number: CVE-2025-25226

Description

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package.

Affected Installs

Database Package version: 1.0.0-2.1.1, 3.0.0-3.3.1

Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.

Solution

Upgrade to version 2.2.0 or 3.4.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Nicholas K. Dionysopoulos, akeeba.com

Developer Network™

Where to Start

[20250401] - Framework - SQL injection vulnerability in quoteNameStr method of Database package

Description

Affected Installs

Solution

Contact