CVE Catalog

CVE-2017-20269

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile - higher than 18% of all known CVEs

Summary

The KissGallery component in Joomla! version 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive information.

Risk Assessment

This vulnerability poses a serious risk to data security within the organization, allowing attackers to access confidential information in the database. This could lead to data loss and breaches of user privacy.

Recommendation

It is recommended to update the KissGallery component to the latest version that addresses this vulnerability. Additionally, implementing input data filtering and monitoring system activity is advisable.

Original NVD description (English source)

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS