What the vulnerability does
01 Description
SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts visits.
Explanation of Vulnerability in Simple Terms
02 Summary
mod_vvisit_counter version 2.0.4j3 contains a SQL injection vulnerability that allows unauthenticated attackers to query or modify the site's database. The flaw exists in how user input is processed without proper sanitization. An attacker can extract sensitive data, alter records, or potentially gain further access to the site.
What an attacker can do
03 Attacker Capabilities
Query, read, or modify the site database without authentication.
Potential impact on your site
04 Site Impact
Database contents (user data, posts, settings) can be read or altered by remote attackers.
Conditions required to exploit
05 Prerequisites
Network access to the vulnerable module; no authentication or user interaction required.
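A defender's check for the behaviour described above, as an added example (not code from the advisory or from the module): it scans captured Cookie headers for `cip_vvisitcounter` values that carry SQL syntax. The record layout, the sample values and the character heuristic are assumptions; the page does not state the cookie's legitimate format.

```python
import re
from urllib.parse import unquote

COOKIE_NAME = "cip_vvisitcounter"  # cookie named in the advisory

# Heuristic (assumption): SQL syntax that a visit-counter cookie has no
# reason to carry. Tune against real traffic before alerting on it.
SUSPICIOUS = re.compile(r"['\"`;()\\\s]|--|/\*|#|\b(?:select|union)\b", re.I)

def cookie_values(header, name=COOKIE_NAME):
    """Return every value sent for `name` in a raw Cookie header."""
    values = []
    for pair in header.split(";"):
        key, sep, value = pair.strip().partition("=")
        if sep and key == name:
            # A value may legitimately be wrapped in double quotes.
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            values.append(value)
    return values

def decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(records):
    """records: (client_ip, path, cookie_header) tuples. Return the hits."""
    hits = []
    for ip, path, header in records:
        for raw in cookie_values(header):
            if SUSPICIOUS.search(decode(raw)):
                hits.append((ip, path, raw))
    return hits

# Constructed sample records (documentation IP ranges, made-up values).
SAMPLE = [
    ("192.0.2.10", "/", "session=abc; cip_vvisitcounter=a1b2c3"),
    ("198.51.100.7", "/index.php", "cip_vvisitcounter=1%27; lang=en"),
    ("198.51.100.7", "/blog", "lang=en; cip_vvisitcounter=1%2527--"),
    ("203.0.113.5", "/", "lang=en"),
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE):
        print(hit)
```

Because the advisory says the cookie is read at every endpoint where the plugin counts visits, the check is applied to all request paths rather than to one URL.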
Key dates
06 Disclosure timeline
October 3, 2025: CVE published
October 3, 2025: Record updated