CVE Catalog

CVE-2017-20279

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile - higher than 14% of all known CVEs

Summary

Joomla Payage version 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to extract sensitive database information.

Risk Assessment

This vulnerability could lead to the exposure of sensitive database information, posing a significant security risk to the organization.

Recommendation

It is recommended to update Joomla Payage to the latest version to mitigate this vulnerability and to monitor server logs for potential attack attempts.

Original NVD description (English source)

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to extract sensitive database information using boolean-based blind or time-based blind techniques.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS