What the vulnerability does
01Description
A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H
What the vulnerability does
A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage.
Explanation of Vulnerability in Simple Terms
AcyMailing extension for Joomla contains a SQL injection vulnerability in versions 1.0-10.11.0 and earlier. An attacker with network access can inject malicious SQL commands through unfiltered input, potentially reading or modifying the site's database. No authentication is required to exploit this flaw. Site administrators should update to a patched version as soon as it becomes available.
What an attacker can do
Read or modify the site's database by injecting SQL commands through unfiltered input.
Potential impact on your site
Attackers can steal subscriber data, email lists, configuration settings, or modify/delete database records without logging in.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities