CVE-2017-20267
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk25th percentile - higher than 25% of all known CVEs
Summary
The Calendar Planner component in Joomla! version 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id parameter to extract sensitive database information.
Risk Assessment
This vulnerability poses a risk of exposing sensitive database information, which could lead to serious security breaches and loss of user trust.
Recommendation
It is recommended to update the Calendar Planner component to the latest version and implement input filtering and validation to prevent SQL injection.
Original NVD description (English source)
Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id parameter to extract sensitive database information.

