CVE-2017-20281
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
The Joomla! Extra Search component version 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch parameter and malicious SQL in the establename field to extract sensitive database information.
Risk Assessment
This vulnerability poses a serious risk to organizations by allowing attackers to access sensitive data in the database, potentially leading to loss of confidentiality and data integrity.
Recommendation
It is recommended to update the Extra Search component to the latest version to eliminate this vulnerability and implement appropriate security measures such as input filtering and validation.
Original NVD description (English source)
Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch parameter and malicious SQL in the establename field to extract sensitive database information.

