What the vulnerability does
01Description
A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
Explanation of Vulnerability in Simple Terms
The DJ-Flyer component for Joomla contains a SQL injection vulnerability in versions 1.0-3.2 and earlier. An attacker with high-level administrator privileges can inject malicious SQL code through unfiltered input, potentially reading or modifying the site database. This requires administrative access to exploit.
What an attacker can do
Read or modify the Joomla database by injecting SQL commands through the component.
Potential impact on your site
A compromised admin account could allow an attacker to steal user data, modify site content, or escalate privileges further.
Conditions required to exploit
Attacker must have high-level administrator access to the Joomla site.
Key dates
External resources
Related vulnerabilities