Extension - mooj.org - SQLi in Proforms Basic component for Joomla <= 1.6.0
CVE-2023-34476

9.8 CRITICAL

Key Information:

Vendor: Mooj.org

CVE Published: 7 August 2023

What is CVE-2023-34476?

The ProForms Basic extension for Joomla is susceptible to an SQL Injection vulnerability due to improper neutralization of special elements in SQL commands. Attackers may exploit this weakness to execute arbitrary SQL queries, potentially accessing or manipulating sensitive data within the database. It is crucial for users of this extension to assess their environments and apply the necessary security measures to mitigate this risk.

Affected Version(s)

Proforms Basic component for Joomla 1.0.0-1.6.0

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vishal Saini and Siva Pothuluru S (Team Payatu)