CVE-2025-22212

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-22212
A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend.

2.7 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22212 Third Party Advisory
https://www.tassos.gr/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:convert_forms_project:convert_forms:*:*:*:*:*:joomla\!:*:*
History

28 May 2025, 20:29

Type Values Removed Values Added
First Time Convert Forms Project
Convert Forms Project convert Forms
References () https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22212 - () https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22212 - Third Party Advisory
References () https://www.tassos.gr/ - () https://www.tassos.gr/ - Product
CPE cpe:2.3:a:convert_forms_project:convert_forms:*:*:*:*:*:joomla\!:*:*

14 Mar 2025, 23:15

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de inyección SQL en el componente ConvertForms versiones 1.0.0-1.0.0 - 4.4.9 para Joomla permite a atacantes autenticados (administrador) ejecutar comandos SQL arbitrarios en el área de administración de envíos en el backend.
Summary (en) A SQL injection vulnerability in the ConvertForms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend. (en) A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend.

05 Mar 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-05 16:15

Updated : 2025-05-28 20:29

NVD link : CVE-2025-22212

Mitre link : CVE-2025-22212

CVE.ORG link : CVE-2025-22212

JSON object : View

Products Affected

convert_forms_project

  • convert_forms
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')