Joomla · Contact Form Maker · CVE-2015-2798
**Name of the Vulnerable Software and Affected Versions**
Joomla! Component Contact Form Maker version 1.0.1
**Description**
A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter.
**Recommendations**
For version 1.0.1, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.