SQL Injection Vulnerability in Joomla! com_tags Component
CVE-2026-35222
6.9MEDIUM
What is CVE-2026-35222?
A SQL injection vulnerability exists in the com_tags component of Joomla! due to improperly validated order clauses. This flaw allows an attacker to manipulate SQL queries, potentially leading to unauthorized access to sensitive information within the database. It is crucial for Joomla! users to update their installations and apply security patches as recommended by the vendor to mitigate this risk.
Affected Version(s)
Joomla! CMS 6.0.0-6.1.0
Joomla! CMS 4.0.0-5.4.5
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Adrian Junge aka vurlo
Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/