CVE-2017-20274
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk14th percentile - higher than 14% of all known CVEs
Summary
Joomla LMS King Professional version 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter.
Risk Assessment
Attackers can send GET requests to index.php, allowing them to extract sensitive database information, which poses a serious security threat to the organization.
Recommendation
It is recommended to update Joomla LMS King Professional to the latest version to mitigate this vulnerability and implement additional security measures such as input data filtering.
Original NVD description (English source)
Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath parameters to extract sensitive database information.

