- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Probability: Low
- Versions: 4.1.0-4.4.10, 5.0.0-5.2.3
- Exploit type: SQL Injection
- Reported Date: 2024-12-10
- Fixed Date: 2025-02-18
- CVE Number: CVE-2025-22207
Description
Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler.
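The bug class described above, as an added example (not Joomla's code and not the actual patch): a sort column and direction cannot be bound as prepared-statement parameters, so the hardened function maps the request value through an allowlist instead of concatenating it. The `SORTABLE` map, its column names and both function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request key => real column expression.
// These names are illustrative, not the com_scheduler schema.
const SORTABLE = [
    'id'    => 'a.id',
    'title' => 'a.title',
    'state' => 'a.state',
];

// Vulnerable pattern: request values flow straight into the clause.
function orderClauseUnsafe(string $column, string $direction): string
{
    return "ORDER BY $column $direction";
}

// Hardened pattern: the column is looked up, never copied from the
// request, and the direction collapses to one of two keywords.
function orderClauseSafe(string $column, string $direction): string
{
    $safeColumn    = SORTABLE[$column] ?? SORTABLE['id'];
    $safeDirection = strtoupper(trim($direction)) === 'DESC' ? 'DESC' : 'ASC';

    return "ORDER BY $safeColumn $safeDirection";
}

// Constructed request values: one ordinary, two that are not plain
// column/direction names.
$samples = [
    ['title', 'desc'],
    ['title, (SELECT 1)', 'asc'],
    ['state', 'asc, a.id'],
];

foreach ($samples as [$column, $direction]) {
    printf(
        "input:  %s / %s\nunsafe: %s\nsafe:   %s\n\n",
        $column,
        $direction,
        orderClauseUnsafe($column, $direction),
        orderClauseSafe($column, $direction)
    );
}
```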
Affected Installs
Joomla! CMS versions 4.0.0-4.4.10, 5.1.0-5.2.3
Solution
Upgrade to version 4.4.11 or 5.2.4.
Contact
The JSST at the Joomla! Security Centre.
Reported By: Calum Hutton, snyk.io