CVE-2025-54294

9.3

Critical

Published:23 Jul 2025

Last updated:17 Jun 2026

Source:security@joomla.org

Deferred

Weakness (CWE)

CWE-89SQL Injection

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): None
Confidentiality (Subsequent): None
Integrity (Subsequent): None
Availability (Subsequent): None

View on MITRE Find PoC on GitHub

Description

A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands.

References

security@joomla.org

https://stackideas.com/