CVE-2025-22212: Extension - tassos.gr - SQL injection in ConvertForms component version 1.0.0-1.0.0 - 4.4.9 for Joomla

2.7 CVSS

Description

A SQL injection vulnerability in the ConvertForms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area of the backend.

Classification

CVE ID: CVE-2025-22212

CVSS Base Severity: LOW

CVSS Base Score: 2.7

Problem Types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command

Affected Products

Vendor: tassos.gr

Product: ConvertForms component for Joomla

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.15% (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-04-02 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-22212
https://www.tassos.gr/
https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22212

Timeline