What the vulnerability does
01Description
Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details.
Explanation of Vulnerability in Simple Terms
02Summary
Responsive Portfolio versions 1.6.1 and later contain a SQL injection vulnerability in database query handling. An attacker with low-level user privileges can inject malicious SQL commands to read or modify database contents. The vulnerability requires network access and low authentication privileges but no user interaction.
What an attacker can do
03Attacker Capabilities
Read or modify database contents by injecting SQL commands into vulnerable queries.
Potential impact on your site
04Site Impact
Database contents may be exposed or altered by authenticated attackers with low privileges.
Conditions required to exploit
05Prerequisites
Attacker must have low-level user account access to the application.
Key dates
06Disclosure timeline
May 25, 2026
CVE published
May 26, 2026
Record updated