An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.

Published : 2019-03-29 15:29 Updated : 2019-10-09 23:53


There is no CVSS for this CVE.
Vendor Product Version URI
Harmistechnology Je Messenger 1.2.2 cpe:/a:harmistechnology:je_messenger:1.2.2::~~~joomla%21~~
  1. Harmistechnology (1) Search CVE
    1. Je Messenger (1) Search CVE
      1. 1.2.2


ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

History of changes

Date Event
2019-10-09 23:53