CVE-2017-20277
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk16th percentile - higher than 16% of all known CVEs
Summary
The JoomRecipe component version 1.0.4 for Joomla contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint.
Risk Assessment
This vulnerability allows attackers to extract information from the database, potentially leading to the exposure of sensitive organizational data.
Recommendation
It is recommended to update the JoomRecipe component to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.
Original NVD description (English source)
Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques.

