CVE-2025-22211

State: PUBLISHED · Published: 2025-02-25 · Updated: 2025-03-04 · Assigner: Joomla

Description

A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management area in backend.

CWE

CWE-89 — CWE-89: Improper Neutralization of Special Elements used in an SQL Command

Affected

webdesigner-profi.de / JoomShopping component for Joomla — v=1.0.0-1.4.3 [affected]

CVSS

(none)

References

https://www.webdesigner-profi.de/ product
https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22211 third-party-advisory

Source

cvelistV5-main/cves/2025/22xxx/CVE-2025-22211.json