CVE-2019-25761
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
JoomCRM component version 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter. Attackers can send GET requests to index.php with option=com_joomcrm and view=contacts to extract sensitive database information.
Risk Assessment
This vulnerability may lead to the exposure of sensitive database information, such as table names and schemas, posing a serious threat to the organization's data security.
Recommendation
It is recommended to update the JoomCRM component to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.
Original NVD description (English source)
Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter. Attackers can send GET requests to index.php with option=com_joomcrm&view=contacts and inject SQL code in the deal_id parameter to extract sensitive database information including table names and schemas.

