CVE Catalog

CVE-2017-20277

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

The JoomRecipe component version 1.0.4 for Joomla contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint.

Risk Assessment

This vulnerability allows attackers to extract information from the database, potentially leading to the exposure of sensitive organizational data.

Recommendation

It is recommended to update the JoomRecipe component to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS