SQL Injection Vulnerability in Joomla! Component Appointment by Joomla!
CVE-2017-12758

9.8CRITICAL

Key Information:

Vendor: Joomlaextensions
Status: Component Appointment
Vendor: CVE Published:; 9 May 2019

🔔 Create Joomlaextensions Vulnerability Alert

What is CVE-2017-12758?

The Joomla! Component Appointment version 1.1 contains an SQL Injection vulnerability allowing attackers to execute remote code. This flaw can be exploited via specially crafted input, potentially leading to unauthorized access and manipulation of the database. It poses a serious risk for web applications utilizing this component, highlighting the need for immediate action to secure systems against such threats.

References

http://joomlaextension.biz/appointment/

x_refsource_MISC

https://www.exploit-db.com/exploits/42492

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2019
Vulnerability Reserved
Aug 9, 2017

CVE-2017-12758 Data

JSON