What the vulnerability does
01Description
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
What the vulnerability does
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter.
Explanation of Vulnerability in Simple Terms
The Balbooa Forms component for Joomla contains a SQL injection vulnerability in versions up to 2.3.1.1. An attacker with high-level administrative privileges can inject malicious SQL code through form input fields, potentially reading or modifying the site database. This vulnerability requires authenticated access and does not affect confidentiality, integrity, or availability of the broader system.
What an attacker can do
Execute arbitrary SQL queries against the Joomla database to read or modify data.
Potential impact on your site
A compromised admin account could be used to extract or alter sensitive site data via the form component.
Conditions required to exploit
Attacker must have high-level administrative access to the Joomla site.
Key dates
External resources
Related vulnerabilities