Home

Description

A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands.

PUBLISHED Reserved 2025-02-16 | Published 2025-07-18 | Updated 2025-07-23 | Assigner Joomla

Problem types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command

Product status

Default status
unaffected

1.0.0-1.0.1.0007
affected

Credits

Kamil Szczurowski finder

Robert Kruczek finder

References

joomcar.net/ product

cve.org (CVE-2025-26855)

nvd.nist.gov (CVE-2025-26855)

Download JSON