PT-2025-7811 · Hikashop · Hikashop
Adam Wallwork · Published 2025-02-25 · Updated 2025-02-27
CVE-2025-22210
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Hikashop component for Joomla versions 3.3.0 through 5.1.4
Description
A SQL injection vulnerability in the Hikashop component for Joomla allows authenticated attackers with administrator access to execute arbitrary SQL commands through the category management area in the backend.
Recommendations
For Hikashop component for Joomla versions 3.3.0 through 5.1.4, consider disabling access to the category management area in the backend until a patch is available. Restrict administrative access to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Hikashop