SQL Injection in Myportfolio Component by Joomla
CVE-2017-20280

8.8HIGH

Key Information:

Vendor: Myportfolio
Status: Myportfolio
Vendor: CVE Published:; 19 June 2026

🔔 Create Myportfolio Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2017-20280?

The Myportfolio component for Joomla version 3.0.2 contains a significant SQL injection vulnerability, allowing attackers to exploit the pid parameter. By sending specially crafted GET requests to index.php with malicious pid values at the task=project&view=grid endpoint, unauthorized individuals can manipulate database queries. This manipulation can lead to the extraction of sensitive information stored in the database, highlighting the need for immediate patching and enhanced security measures.

Affected Version(s)

Myportfolio 3.0.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2017-20280 - Proof of Concept

References

https://www.exploit-db.com/exploits/41930

exploit

https://www.vulncheck.com/advisories/joomla-component-myp...

third-party-advisory

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 19, 2026
👾
Exploit known to exist
Jun 19, 2026
Vulnerability published
Jun 19, 2026
Vulnerability Reserved
Jun 19, 2026

Credit

Persian Hack Team

CVE-2017-20280 Data

JSON