=====================================================================
                            CERT-Renater

                Information Note No. 2025/VULN104
_____________________________________________________________________

DATE                 : 19/02/2025

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Joomla! versions prior to 4.4.11, 5.2.4.

=====================================================================
https://developer.joomla.org/security-centre/958-20250201-core-sql-injection-vulnerability-in-scheduled-tasks-component.html
_____________________________________________________________________

Security Announcements

[20250201] - Core - SQL injection vulnerability in Scheduled Tasks component

Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Probability: Low
Versions: 4.1.0-4.4.10, 5.0.0-5.2.3
Exploit type: SQL Injection
Reported Date: 2024-12-10
Fixed Date: 2025-02-18
CVE Number: CVE-2025-22207

Description

Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler

Affected Installs

Joomla! CMS versions 4.0.0-4.4.10, 5.1.0-5.2.3

Solution

Upgrade to version 4.4.11 or 5.2.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Calum Hutton, snyk.io

=========================================================
+ CERT-RENATER      | tel : 01-53-94-20-44              +
+ 23/25 Rue Daviel  | fax : 01-53-94-20-41              +
+ 75013 Paris       | email:cert@support.renater.fr     +
=========================================================
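The description attributes the issue to improperly built order clauses in a backend list view. The following is an added example, not Joomla! or com_scheduler code: it shows the usual defence for list ordering, where the requested sort column and direction are used only as keys into an allow-list because identifiers cannot be bound as query parameters. Python with sqlite3 stands in for the PHP backend so it runs offline; the table, column names and request values are constructed assumptions.

```python
import sqlite3

# Constructed allow-list: request value -> real column identifier.
SORTABLE = {"id": "id", "title": "title", "state": "state", "next_run": "next_execution"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}
DEFAULT_ORDER = ("title", "ASC")


def order_clause(column, direction):
    """Map untrusted list-ordering input onto fixed SQL fragments.

    Identifiers and keywords cannot be bound as parameters, so the request
    value is only used as a dictionary key and never copied into the SQL.
    Anything unknown falls back to the default ordering.
    """
    col = SORTABLE.get(str(column).strip().lower())
    dirn = DIRECTIONS.get(str(direction).strip().lower())
    if col is None or dirn is None:
        col, dirn = DEFAULT_ORDER
    return f"ORDER BY {col} {dirn}"


def list_tasks(db, state, column, direction):
    """Return task titles; the filter value is bound, the ordering is allow-listed."""
    sql = "SELECT title FROM tasks WHERE state = ? " + order_clause(column, direction)
    return [row[0] for row in db.execute(sql, (state,))]


def demo_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE tasks (id INTEGER PRIMARY KEY, title TEXT, "
        "state INTEGER, next_execution TEXT)"
    )
    db.executemany(
        "INSERT INTO tasks (title, state, next_execution) VALUES (?, ?, ?)",
        [("Rotate logs", 1, "2025-03-01"),
         ("Check updates", 1, "2025-02-20"),
         ("Old job", 0, "2025-01-01")],
    )
    return db


if __name__ == "__main__":
    db = demo_db()
    print(list_tasks(db, 1, "next_run", "desc"))   # allow-listed ordering
    print(list_tasks(db, 1, "title; --", "asc"))   # not in allow-list, default used
```

Patching to 4.4.11 or 5.2.4 remains the fix for affected sites; the pattern above is what to look for when reviewing custom extensions that build their own list ordering.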