Joomla · Balbooa Joomla Forms Builder · CVE-2021-47930
**Name of the Vulnerable Software and Affected Versions**
Balbooa Joomla Forms Builder version 2.0.6
**Description**
An unauthenticated SQL injection vulnerability exists in the form submission handler, allowing remote attackers to execute arbitrary SQL queries. An attacker sends POST requests to the `com_baforms` component with malicious JSON payloads in the `id` field parameter and can use them to extract sensitive database information. SQL injection is a class of flaw that lets an attacker interfere with the queries an application makes to its database.
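The input handling that closes this class of bug, shown as an added example that is not Balbooa's code and not part of the original advisory: each `id` taken from the submitted JSON is validated as a positive integer and then bound as a typed parameter instead of being concatenated into the query. The JSON layout, the `form_fields` table and the function names are assumptions, and an in-memory SQLite database stands in for the Joomla database.

```php
<?php
// Constructed stand-in table; the real com_baforms schema is not shown on the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE form_fields (id INTEGER PRIMARY KEY, label TEXT)');
$db->exec("INSERT INTO form_fields (id, label) VALUES (1, 'Name'), (2, 'Email')");

// Accept only a JSON integer or a short all-digit string; anything else yields null.
function parseFieldId(mixed $raw): ?int
{
    if (is_int($raw)) {
        return $raw > 0 ? $raw : null;
    }
    if (is_string($raw) && ctype_digit($raw) && strlen($raw) <= 9) {
        return (int) $raw > 0 ? (int) $raw : null;
    }
    return null; // arrays, floats, booleans, strings carrying SQL text
}

// Hardened lookup (hypothetical helper): validated id, bound as an integer parameter.
function lookupLabels(PDO $db, string $json): array
{
    $fields = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($fields)) {
        throw new InvalidArgumentException('expected a JSON array of fields');
    }
    $stmt = $db->prepare('SELECT label FROM form_fields WHERE id = :id');
    $labels = [];
    foreach ($fields as $field) {
        $id = is_array($field) ? parseFieldId($field['id'] ?? null) : null;
        if ($id === null) {
            throw new InvalidArgumentException('rejected non-numeric field id');
        }
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $labels[] = $stmt->fetchColumn(); // false when no such field exists
    }
    return $labels;
}

// Constructed submissions: one well-formed, one with SQL text in "id".
$samples = [
    '[{"id": 1, "value": "Alice"}, {"id": "2", "value": "a@example.org"}]',
    '[{"id": "1 OR 1=1", "value": "x"}]',
];
foreach ($samples as $json) {
    try { echo implode(', ', lookupLabels($db, $json)), PHP_EOL; }
    catch (InvalidArgumentException | JsonException $e) { echo 'blocked: ', $e->getMessage(), PHP_EOL; }
}
```

The first submission resolves both field labels; the second is rejected before any query is executed.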
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.