CVE Catalog

CVE-2019-25761

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile - higher than 12% of all known CVEs

Summary

JoomCRM component version 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter. Attackers can send GET requests to index.php with option=com_joomcrm and view=contacts to extract sensitive database information.

Risk Assessment

This vulnerability may lead to the exposure of sensitive database information, such as table names and schemas, posing a serious threat to the organization's data security.

Recommendation

It is recommended to update the JoomCRM component to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter. Attackers can send GET requests to index.php with option=com_joomcrm&view=contacts and inject SQL code in the deal_id parameter to extract sensitive database information including table names and schemas.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS