Joomla! CMS SQL Injection Vulnerability in com_finder Component

Vulnerability

A SQL injection vulnerability has been identified in the search query of the com_finder component in Joomla! CMS. The issue arises from improperly constructed filter clauses, which allow authenticated users to manipulate the search query and potentially execute arbitrary SQL commands.

Impact

Exploitation of this vulnerability allows authenticated users to perform blind SQL injection, manipulating the database and potentially accessing or modifying sensitive information.

Remediation

Users are advised to upgrade to Joomla! CMS versions 5.4.6 or 6.1.1.

Added: May 26, 2026, 11:18 PM
Updated: May 26, 2026, 11:18 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 3.1
exploitability: 5.4
remediation: 7.7
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.