-
Byte Open Security
(ByteOS Network)
Log In
Sign Up
CVE Vulnerability Details :
CVE-2026-35222
PUBLISHED
More Info
Official Page
Assigner
-
Joomla
Assigner Org ID
-
6ff30186-7fb7-4ad9-be33-533e7b05e586
View Known Exploited Vulnerability (KEV) details
Published At
-
26 May, 2026 | 16:45
Updated At
-
26 May, 2026 | 16:45
Rejected At
-
▼
CVE Numbering Authority (CNA)
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
Affected Products
Vendor
Joomla!
Joomla! Project
Product
Joomla! CMS
Default Status
unaffected
Versions
Affected
6.0.0-6.1.0
4.0.0-5.4.5
Problem Types
Type
CWE ID
Description
CWE
CWE-89
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type:
CWE
CWE ID:
CWE-89
Description:
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
Version
Base score
Base severity
Vector
4.0
6.9
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version:
4.0
Base score:
6.9
Base severity:
MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC ID
Description
CAPEC-66
CAPEC-66 SQL Injection
CAPEC ID:
CAPEC-66
Description:
CAPEC-66 SQL Injection
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Adrian Junge aka vurlo
finder
Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/
Timeline
Event
Date
Replaced By
Rejected Reason
References
Hyperlink
Resource
https://developer.joomla.org/security-centre/1039-20260507-core-authenticated-blind-sqli-in-com-tags.html
vendor-advisory
Hyperlink:
https://developer.joomla.org/security-centre/1039-20260507-core-authenticated-blind-sqli-in-com-tags.html
Resource:
vendor-advisory
Details not found