PT-2025-10454 · Joomlaux · Joomlaux Jux Real Estate

Skalvin

Published

2025-03-09

Updated

2025-03-20

CVE-2025-2126

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions JoomlaUX JUX Real Estate version 3.4.0

Description A critical issue was found in the processing of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties of the component GET Parameter Handler. The manipulation of the title argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For JoomlaUX JUX Real Estate version 3.4.0, as a temporary workaround, consider restricting access to the index.php/properties/list/list-with-sidebar/realties endpoint until a patch is available. Avoid using the title argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

BDU:2025-16004

CVE-2025-2126

Affected Products

Joomlaux Jux Real Estate

PT-2025-10454 · Joomlaux · Joomlaux Jux Real Estate

CVE-2025-2126

Weakness Enumeration

Related Identifiers

Affected Products

References · 13