CVE-2022-23797 — SQL Injection in Joomla !

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.0%

top 94.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Joomla !Joomla! Project Joomla! CMS

Timeline

PublishedMar 30

Latest updateMar 31

Description

An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDjoomla/joomla_!3.0.0 — 3.10.6+1

▶CVEListV5joomla!_project/joomla!_cms3.0.0-3.10.6 & 4.0.0-4.1.0

🔴Vulnerability Details

GHSA

GHSA-72pc-jmmj-xpw5: An issue was discovered in Joomla! 3↗2022-03-31

▶

CVEList

[20220305] - Core - Inadequate filtering on the selected Ids↗2022-03-30

▶