Joomla · Joomla! · CVE-2025-25226
Name of the Vulnerable Software and Affected Versions:
Joomla versions prior to 2.1.1 and 3.3.1
Description:
The issue arises from improper handling of identifiers, leading to a SQL injection vulnerability in the `quoteNameStr` method of the database package. This method is protected and has no usages in the original packages in either the 2.x or 3.x branch, so the vulnerability cannot be reached when the original database class is used as shipped. However, classes that extend the affected class and call the vulnerable method may be affected.
Recommendations:
For versions prior to 2.1.1 and 3.3.1, restrict the use of the `quoteNameStr` method in extended classes until you can update past the affected versions. As a temporary workaround, avoid calling `quoteNameStr` from any class that extends the affected class; since the original packages do not use the method themselves, this removes the path through which the vulnerability can be reached.
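The advisory does not show the affected code, so the following is an added, stand-alone PHP example rather than Joomla's own `quoteNameStr` or any code from the Joomla database package. It illustrates the defensive pattern an extending class can use instead of escaping arbitrary identifier strings: validate each identifier segment against a strict pattern before quoting it, and resolve user-supplied sort columns through an allowlist. The function names `quoteIdentifierStrict`, `quoteQualifiedName` and `resolveSortColumn`, the MySQL backtick quoting, and the sample inputs are all assumptions made for this example.

```php
<?php
// Added example, not Joomla's own code. Assumes MySQL-style backtick quoting;
// all function names and sample inputs below are constructed for illustration.

/**
 * Quote a single SQL identifier (table or column name).
 * Instead of escaping whatever it receives, it accepts only a plain
 * identifier, so a value that contains quote or separator characters is
 * rejected rather than passed into the query.
 */
function quoteIdentifierStrict(string $name): string
{
    // Letters, digits and underscore only, 1..64 characters (MySQL's limit).
    // \z (not $) so a trailing newline cannot slip through.
    if (!preg_match('/^[A-Za-z0-9_]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('Invalid SQL identifier: ' . $name);
    }
    return '`' . $name . '`';
}

/**
 * Quote a possibly dotted name such as "schema.table.column".
 * Every segment is validated separately; "*" is accepted only as the last
 * segment so that "t.*" still works.
 */
function quoteQualifiedName(string $qualified): string
{
    $parts  = explode('.', $qualified);
    $last   = count($parts) - 1;
    $quoted = [];
    foreach ($parts as $i => $part) {
        $quoted[] = ($part === '*' && $i === $last) ? '*' : quoteIdentifierStrict($part);
    }
    return implode('.', $quoted);
}

/**
 * Map a user-supplied sort column onto an allowlist. Exact match only;
 * anything else falls back to the default, so the request never chooses
 * an identifier the application did not intend to expose.
 */
function resolveSortColumn(string $requested, array $allowed, string $default): string
{
    return in_array($requested, $allowed, true) ? $requested : $default;
}

// Demonstration with constructed inputs.
$samples = [
    'id',
    'jos_users.username',
    'u.*',
    "name` FROM other_table",   // constructed: contains a quote character
    "user\n",                   // constructed: trailing newline
];
foreach ($samples as $s) {
    try {
        echo quoteQualifiedName($s), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}

// Typical use when ordering by a request parameter: allowlist first, quote second.
$requested = 'created';                              // constructed request value
$column    = resolveSortColumn($requested, ['id', 'username'], 'id');
echo 'ORDER BY ' . quoteQualifiedName($column), PHP_EOL;   // ORDER BY `id`
```

The design choice here is to fail closed: an identifier that is not a plain name is refused rather than escaped, and request-driven column choices go through `resolveSortColumn` before any quoting happens, so the quoting routine is never the only line of defence between a request parameter and the generated SQL.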