Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Joomla Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2025-25226 - Vulnerability Database
Joomla

Joomla Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2025-25226

Critical
Reference: CVE-2025-25226
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-25226
Title: Joomla Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However classes extending the affected class might be affected if the vulnerable method is used.