CVE Catalog

CVE-2017-20274

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile - higher than 14% of all known CVEs

Summary

Joomla LMS King Professional version 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter.

Risk Assessment

Attackers can send GET requests to index.php, allowing them to extract sensitive database information, which poses a serious security threat to the organization.

Recommendation

It is recommended to update Joomla LMS King Professional to the latest version to mitigate this vulnerability and implement additional security measures such as input data filtering.

Original NVD description (English source)

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath parameters to extract sensitive database information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS