CVE Catalog

CVE-2019-25757

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile - higher than 12% of all known CVEs

Summary

Joomla vWishlist version 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these parameters to extract sensitive database information including version and database names.

Risk Assessment

This vulnerability may lead to the disclosure of sensitive database information, posing a serious threat to the organization's security. It allows attackers to access critical data, which could result in further attacks or privacy breaches.

Recommendation

It is recommended to update Joomla vWishlist to the latest version that addresses this vulnerability. Additionally, implementing extra security measures, such as restricting access to the component only for trusted users, is advisable.

Original NVD description (English source)

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these parameters to extract sensitive database information including version and database names.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS