CVE Catalog

CVE-2019-25759

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile - higher than 12% of all known CVEs

Summary

Joomla! Component vBizz version 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands.

Risk Assessment

This vulnerability may lead to the exposure of sensitive database information, including version and database names, posing a serious security threat to the organization.

Recommendation

It is recommended to update the vBizz component to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands to extract sensitive database information including version and database names.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS