CVE Catalog

CVE-2017-20267

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile - higher than 25% of all known CVEs

Summary

The Calendar Planner component in Joomla! version 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id parameter to extract sensitive database information.

Risk Assessment

This vulnerability poses a risk of exposing sensitive database information, which could lead to serious security breaches and loss of user trust.

Recommendation

It is recommended to update the Calendar Planner component to the latest version and implement input filtering and validation to prevent SQL injection.

Original NVD description (English source)

Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id parameter to extract sensitive database information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS