PT-2022-16269 · Joomla · Joomla!

Hoàng Nguyễn

Published

2022-03-30

Updated

2025-04-03

CVE-2022-23797

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Joomla! versions 3.0.0 through 3.10.6 Joomla! versions 4.0.0 through 4.1.0

Description An issue was discovered in Joomla! where inadequate filtering on the selected Ids in a request could result in a possible SQL injection.

Recommendations For Joomla! versions 3.0.0 through 3.10.6, update to a version outside of this range to mitigate the risk. For Joomla! versions 4.0.0 through 4.1.0, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to sensitive database queries until a patch is available. Avoid using user-supplied input in SQL queries to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BIT-JOOMLA-2022-23797

CVE-2022-23797

Affected Products

Joomla!

PT-2022-16269 · Joomla · Joomla!

CVE-2022-23797

Weakness Enumeration

Related Identifiers

Affected Products

References · 6