CVE-2017-20270
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
The Twitch Tv component in Joomla! version 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters.
Risk Assessment
Attackers can access sensitive database information, including credentials and configuration data, which may lead to serious security breaches.
Recommendation
It is recommended to update the Twitch Tv component to the latest version and implement input filtering and validation to prevent SQL injection.
Original NVD description (English source)
Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=com_twitchtv and view parameters containing SQL injection payloads to extract sensitive database information including credentials and configuration data.

