Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.
The vulnerability lies in the protected quoteNameStr method of the base class of the Joomla Framework database package. In the original 2.x and 3.x branches, this method is not directly called, so the framework itself in standard configuration is not vulnerable. However, the problem may occur in classes inheriting from the affected base class if an extension or external code uses the vulnerable method — in which case an attacker can inject malicious SQL queries.
In a scenario where the vulnerable method is used by derived classes, an attacker can gain unauthorized access to database data, modify or delete data, and potentially take control of the application (full CIA triad: confidentiality, integrity, availability).
Apply patches available from the vendor according to the references provided. Additionally, it is recommended to review your own extensions and classes inheriting from the Joomla Framework database package for use of the quoteNameStr method, and if used, urgently update or refactor the code.
Joomla Framework, database package in 2.x and 3.x branches — exclusively in cases of classes extending the affected base class and using the quoteNameStr method. Original classes provided by the vendor are not directly vulnerable.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HJoomla Joomla\!
APPJoomla1.0.0 – 2.2.0 (bez)3.0.0 – 3.4.0 (bez)
Related vulnerabilities
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass ...
Joomla! — degradacja szyfrowania transportu w linkach resetowania hasła i nazwy użytkownika
Joomla! — cache poisoning przez dowolne parametry w paginacji
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the sel...
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a s...