Description
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation.
Weaknesses
- CWE-89 — CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected products
| Vendor | Product | Versions |
|---|---|---|
| joomcoder.com | JoomCCK extension for Joomla | 1.0-6.4.0 |
References
- https://www.joomcoder.com/ (product)
Generated from the official CVE List on 29 Jun 2026 07:08 UTC.