CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product id parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the product id parameter to extract sensitive database information including credentials and configuration data.