CVE-2019-25759
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
Joomla! Component vBizz version 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands.
Risk Assessment
This vulnerability may lead to the exposure of sensitive database information, including version and database names, posing a serious security threat to the organization.
Recommendation
It is recommended to update the vBizz component to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.
Original NVD description (English source)
Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands to extract sensitive database information including version and database names.

