CVE-2017-20279
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk14th percentile - higher than 14% of all known CVEs
Summary
Joomla Payage version 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to extract sensitive database information.
Risk Assessment
This vulnerability could lead to the exposure of sensitive database information, posing a significant security risk to the organization.
Recommendation
It is recommended to update Joomla Payage to the latest version to mitigate this vulnerability and to monitor server logs for potential attack attempts.
Original NVD description (English source)
Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to extract sensitive database information using boolean-based blind or time-based blind techniques.

