CVE-2017-20269
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
The KissGallery component in Joomla! version 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive information.
Risk Assessment
This vulnerability poses a serious risk to data security within the organization, allowing attackers to access confidential information in the database. This could lead to data loss and breaches of user privacy.
Recommendation
It is recommended to update the KissGallery component to the latest version that addresses this vulnerability. Additionally, implementing input data filtering and monitoring system activity is advisable.
Original NVD description (English source)
Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive information.

