Joomla · Ckeditor · CVE-2018-17254
**Name of the Vulnerable Software and Affected Versions**
JCK Editor component version 6.4.4 for Joomla!
**Description**
The issue allows SQL Injection via the `parent` parameter in the "jtreelink/dialogs/links.php" endpoint.
**Recommendations**
For JCK Editor component version 6.4.4, avoid using the `parent` parameter in the "jtreelink/dialogs/links.php" endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.