CVE Catalog

CVE-2017-20253

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile - higher than 25% of all known CVEs

Summary

The My Projects 2.0 component in Joomla! contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extract sensitive database information including credentials and system data.

Risk Assessment

This vulnerability poses a serious risk to organizations as it allows attackers to access sensitive information in the database, potentially leading to security breaches and data loss.

Recommendation

It is recommended to update the My Projects component to the latest version that addresses this vulnerability and to conduct a security audit of the database to detect potential breaches.

Original NVD description (English source)

Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extract sensitive database information including credentials and system data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS