CVE Catalog

CVE-2017-20281

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile - higher than 18% of all known CVEs

Summary

The Joomla! Extra Search component version 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch parameter and malicious SQL in the establename field to extract sensitive database information.

Risk Assessment

This vulnerability poses a serious risk to organizations by allowing attackers to access sensitive data in the database, potentially leading to loss of confidentiality and data integrity.

Recommendation

It is recommended to update the Extra Search component to the latest version to eliminate this vulnerability and implement appropriate security measures such as input filtering and validation.

Original NVD description (English source)

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch parameter and malicious SQL in the establename field to extract sensitive database information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS